Threat Intelligence Specialist

Reporting to the Technical Threat Manager, you'll be responsible for researching, analysing, and reporting on cyber threats targeting QBE's global operations and technology environment. This role has a strong technical focus, centred on the collection, enrichment, automation, and analysis of adversary tactics, techniques, and procedures (TTPs) across the Unified Kill Chain and MITRE ATT&CK frameworks. You'll also support strategic intelligence functions, acting as a backup point of contact when needed to ensure continuity of intelligence delivery across our global CTI capability.

• Conduct advanced technical analysis of cyber threats using proactive and reactive intelligence methods.
• Collect, enrich, and disseminate threat intelligence from internal telemetry, commercial sources, and OSINT.
• Design and maintain automated intelligence workflows and integrations using APIs and scripting.
• Track and analyse adversary infrastructure, malware, and campaigns relevant to QBE's environment.
• Continuously assess the evolving threat landscape to determine exposure, likelihood, and business impact.
• Produce actionable intelligence outputs including indicator packages, threat actor profiles, and campaign assessments.
• Translate complex technical findings into concise, risk‑based intelligence for decision‑making.
• Collaborate with SOC, Detection Engineering, and Incident Response teams on purple‑team exercises and threat‑hunting.
• Maintain trusted relationships with industry and intelligence communities.
• Provide SME‑level advice and challenge stakeholders using evidence‑based reasoning.
• Support the Strategic CTI Analyst with technical insights and act as backup PoC when needed.
• Drive continuous improvement and automation across the CTI lifecycle.
• Apply creative thinking to troubleshoot and enhance detection and intelligence workflows.
• Demonstrate curiosity and self‑drive in researching emerging techniques and technologies.
• Actively contribute to CTI capability uplift through knowledge sharing and process improvement.
• Use JIRA, Confluence, and other platforms to manage workflows and document intelligence findings.

We're looking for someone with a strong technical background in threat intelligence, incident response, or threat hunting, ideally within enterprise or global environments. You'll be confident in analysing complex threats and communicating your findings clearly to both technical and non‑technical audiences.

You’ll ideally bring practical experience with threat intelligence platforms or automation tools, an understanding of cloud security architectures, and exposure to red, blue, or purple‑team exercises. Experience developing intelligence‑led detection content and operational playbooks would be a bonus.

• Advanced understanding of attacker tools, techniques, and procedures.
• Knowledge of security frameworks: OWASP, NIST, MITRE ATT&CK, Unified Kill Chain.
• Proficient in risk analysis and information systems best practices.
• Expertise in intelligence gathering and analysis tools, including OSINT.
• Strong knowledge of malware analysis, IOC identification, and adversary behaviour.