Senior Security Engineer

To build and mature a cyber threat intelligence capability that serves as the predictive and proactive heart of our security programme. You will act as the technical authority for collecting, processing, and analysing intelligence, ensuring it enables a truly threat-informed defence. By converging intelligence tradecraft with engineering principles, you will drive the “Intelligence-to-Action” cycle and ruthlessly prioritise the efforts of our detection and response functions.

Intelligence-to-Action Engineering

• Operationalise the “Intelligence-to-Action Cycle,” prioritising security engineering efforts based on business risk and validated threats.
• Define and manage intelligence requirements to guide collection and ensure resources focus on the most relevant risks.
• Design “Threat Intelligence-as-Code” workflows that automatically trigger hunting packages or detection stubs in our data platform when CTI outputs are available.

Maintenance of CTI Systems

• Implement, manage and optimise the Threat Intelligence Platform (TIP) and analytical tools to automate across the intelligence cycle.
• Drive technical initiatives to reduce technical debt and ensure tools scale to meet the organisation’s evolving needs.
• Ensure seamless integration between CTI systems, SIEMs, SOAR, and endpoint detection platforms to correlate threats against internal telemetry and take suitable action.

Detection & Hunt Support

• Translate unstructured intelligence into actionable detection suggestions, collaborating with engineers to address coverage gaps for high-priority adversary behaviours.
• Support proactive threat hunting by defining process and systems which enable hypothesis-driven hunts based on adversary TTPs and specific business risks.

Automation & Force Multipliers

• Champion “Automation-First” principles, using scripting (Python, PowerShell) to automate repetitive data collection and enrichment tasks.
• Leverage AI and machine learning as “Force Multipliers” to summarise complex threat reports and accelerate code generation and deployment.
• Develop advanced workflows that integrate intelligence feeds directly into defensive controls for real-time blocking.

Strategic & Tactical Reporting

• Support the production of tiered intelligence products, from strategic executive briefings to operational reports on specific adversary campaigns.
• Disseminate machine-readable indicators (IOCs) to enable immediate detection and response actions.

Partnership & Sharing

• Act as the technical intelligence partner to Detection Engineering, Security Operations and Incident Response, ensuring a seamless flow of actionable data.
• Establish and mature intelligence-sharing partnerships with industry peers and intelligence-sharing communities to strengthen collective defence.

Experience & Requirements

• Experience: 3-5+ years in cybersecurity, specifically in Security Engineering, Threat Intelligence, Security Operations (SOC), Incident Response.
• Tradecraft: Advanced understanding of frameworks relating to threat modelling, threat intelligence, threat hunting and detection engineering (ATT&CK, D3FEND, Kill Chain, Attack Flow, STRIDE, DREAD, etc).
• Technical Skills: Proficiency in scripting languages (e.g., Python, PowerShell) for analysis, automation, and workflow improvement.
• Tooling: Hands‑on experience with Threat Intelligence Platforms (TIPs) (MISP, ThreatConnect, etc) and SIEM technologies (Splunk, Sentinel, etc).
• Communication: Strong ability to translate complex threat data into actionable insights for both technical and executive audiences.

#J-18808-Ljbffr…