The Role Cyber Threat Intelligence (CTI) is an integral part of our Incident Response (IR) and Managed Services practices. As a CTI analyst you will be a critical part of our wider cyber team’s success. You will work across the full intelligence cycle to help our clients respond and recover to security incidents, and stay ahead of evolving threats, including: Threat Actor Intelligence: Track developments in the ransomware and cybercrime ecosystem, write and update profiles on key threat actors of interest, and share them with clients to inform case strategy and publish externally as thought leadership. Threat Actor Engagement: Monitor leak sites and negotiation portals across our global IR cases, inform case leads of regular developments, and research and draft attestations on sanctions exposure for given threat actors. Dark Web Monitoring: Use threat intelligence platforms and specialist tools to conduct targeted research on the dark web, set up and deliver regular monitoring engagements, and assist with renewals of these cases. Technical IOC Management: Collate technical indicators of compromise (IOCs) from across our global IR team, ensure they are enriched and correctly classified, and facilitate dissemination across the organisation to improve the operational effectiveness of our IR and Managed Services teams. Incident Data Collection and Analysis: Ensure incident data collected by our global IR team is accurate and consistent, manage this dataset, and analyse it to produce regular reporting on trends and insights for presentations, events, and training sessions. CTI-led Analysis: Assist with in‑depth investigations that have a strong threat intelligence component, including conducting research and drafting client‑facing reports. Blockchain Analysis: Use specialist tools to trace ransom payments, identify sanctions exposure or other compliance risks, and draft reports to present findings to clients. Thought Leadership: Contribute to public write‑ups and presentations on new vulnerabilities, trends, and threat actor techniques. Develop and Share Domain Expertise: Grow your cyber expertise and share it with the wider team through internal initiatives and programs. Business Development: Cultivate and manage close relationships with external partners and identify business development opportunities. Other features of the role include: Variety of casework: No day will be the same; we respond to a huge variety of incidents for both public and corporate clients. Range of opportunities: Opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your cyber threat intelligence and incident response expertise. Flexible working practices: We offer flexible working options to support work/life balance, recognising the intense and high‑pressure nature of incident response. What we're looking for Candidates with the following qualifications and experience are likely to succeed as Cyber Threat Intelligence Analysts at S‑RM. If you don’t meet all criteria but are still interested, we encourage you to apply. Required Skills Excellent written and verbal communication skills, with the ability to produce clear and concise reports. Strong analytical and problem‑solving skills, including the ability to work with incomplete, ambiguous, or conflicting information. Understanding of foundational cyber concepts such as common attack vectors (e.g., phishing, credential misuse), high‑level security terminology, and general threat actor motivations. Understanding of core intelligence concepts, including the intelligence lifecycle, requirements gathering, and distinctions between tactical, operational, and strategic intelligence outputs. A demonstrated interest in cyber threats, including financially motivated activity such as ransomware and extortion. Preferred Skills Academic or professional background in a research‑focused discipline (qualitative or quantitative), such as Political Science, Intelligence Studies, Criminology, Cybersecurity, Computer Science, Data Science, or related fields. Familiarity with cybersecurity fundamentals, such as threat actor TTPs, IOCs, and relevant frameworks (e.g., MITRE ATT&CK). Ability to contextualise findings into business‑relevant assessments, including potential impact, likelihood and recommended mitigations. Experience using OSINT and/or Threat Intelligence platforms (e.g., VirusTotal, Shodan, MISP, Recorded Future). Personal Attributes An investigative mindset and enthusiasm for investigations. Exceptional attention to detail, especially when examining indicators, infrastructure data, and adversary behaviours. A collaborative mindset and willingness to collaborate across teams. Ability to thrive under pressure, prioritise multiple tasks, and meet short deadlines. A self‑starter, demonstrating initiative, ownership of work and the ability to identify opportunities to enhance S‑RM's cyber capabilities. Relevant industry certifications are not required for this role. However, holding relevant CTI or cyber security related certifications such as GCTI, GCFA, SSCP, or Security+ is beneficial. Benefits Holiday – 23 days per year increasing to 28 days (+1 day for every year you worked at S‑RM, up to a maximum of 5 days) in addition to bank holidays. Gap Cover policy – allows you to bridge the gap between your medical bills and your medical aid cover. Hybrid and flexible working hours. Private pension – up to 7% company match. Life insurance 4× annual salary. Parental support including fertility treatment leave (5 days per cycle), maternity leave (26 weeks full pay followed by 13 weeks half pay), and paternity leave (6 weeks full pay). Health and medical benefits: Medical aid with Discovery Health for employee, partner and children up to the cost of the Classic Saver plan (taxable benefit); EAP programme for you and immediate family; free access to the Headspace mindfulness app. #J-18808-Ljbffr