Willis Towers Watson

Principal Threat Intelligence Specialist - 12 month fixed term contract

Summary of Role

Initial fixed term contract for 12 months with possibility to extend or convert to permanent employee.

The Threat Intelligence Principal Specialist is responsible for tracking the tactics, techniques and procedures (TTPs) related to threat actors, campaigns and malware, providing intelligence analysis in the form of timely alerts, briefs, and analytical assessments. Focusing on threats related to information technology environments, the Threat Intelligence Principal Analyst will produce actionable intelligence in a clear and concise manner. The individual will report top threats by providing awareness, indications, warnings, and operational readiness briefings.

We are looking for a collaborative team player with brilliant coordination and communication skills who likes to work in a fast-paced environment. The successful candidate will be able to support the Information Cyber Security Threat Intelligence team in a global organisation, and there are opportunities to get exposure to other security disciplines.

They will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business. They will help the wider community foster a culture that is security aware and make it a great place to come to work.

The Role

Support Information Cyber Security incidents from across the business including:
  • Collect, analyse, and interpret qualitative and quantitative, technical and non-technical data from multiple sources.
  • Conduct security research - identify and navigate relevant online forums, including Web sites, social media, and traditional sources to support research and analysis.
  • Perform open source intelligence (OSINT) collection and analysis, identifying indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
  • Conduct Threat Intelligence activities, including advanced techniques to investigate potential security incidents.
  • Provide timely, comprehensive and accurate information / products to the key stakeholders in both written and verbal communications.
  • Identify credible, new intelligence, and subject matter resources relative to current and emerging threats.
  • Produce assessments on cyber threats, attacks, and incidents of interest to Willis Towers Watson (WTW).
  • Create written and verbal intelligence products for internal stakeholders to assist in proactively addressing threats.
  • Provide subject matter expertise on cyber threats to support current analytic operations and initiatives.
  • Work with third parties developing shared intelligence including government and law enforcement.
  • Ensure timely response to any cyber incident to minimise risk exposure and production down time.
  • Conduct Threat Intelligence activities, including advanced investigation (e.g. forensic analysis to include evidence seizure and malware analysis) to investigate potential security incidents.
  • Analyse and correlate incident data to develop a preliminary root cause and corresponding remediation strategy.

The Requirements

  • Must have strong communication skills, interpersonal collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Experience in developing and maintaining Threat Intelligence, ability to review information to determine its significance, validate its accuracy and assess its reliability.
  • Good knowledge of common security controls, detection capabilities, and other practices and solutions for securing digital environments, preferably including an understanding of packet flows, TCP and UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection and prevention systems, as well as other host-based monitoring, email monitoring, and anti-spam technologies.
  • Knowledge of Cloud security and incident response in a Cloud environment.
  • Understanding of the Kill Chain, Diamond Method of Analysis and MITRE framework.
  • Understanding of what information or assets are of value to threat actors and how organisations are breached.
  • Experience working in one or more of threat intelligence, security operations, or forensics.
  • Experience in analysing malware, hacking tools, and threat actor tactics, techniques and procedures to characterize threat actors’ technical methods for accomplishing their missions.
  • Strong working knowledge of security-relevant data, including network protocols, ports and common services such as TCP/IP protocols and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, etc.).
  • Knowledge of privilege escalation, persistence and lateral movement techniques.
  • Experience of working and communicating within a global team environment.

Equal Opportunity Employer