[LTA-ITCD] LEAD / PRINCIPAL / SENIOR CYBER THREAT INTEL ANALYST

[What the role is]

[What you will be working on]

The Cyber Threat Intelligence Analyst will be responsible for identifying, tracking, and analysing emerging cyber threats, with a focus on protecting critical IT/OT systems in the land transportation sector. This role goes beyond passive news consumption and emphasises active threat research, transforming global threat data into localised, actionable monitoring strategies and detection logic.

Key Responsibilities

• Intelligence Programme Development: Lead the development and continuous improvement of the Threat Intelligence (TI) function, including the implementation of of Standard Operating Procedures (SOPs) and CTI solution for intelligence collection, analysis, and dissemination.
• Threat Research & Actor Tracking : Conduct proactive research into the Tactics, Techniques, and Procedures (TTPs) of threat actors, with particular focus on the Asia‑Pacific region and Industrial Control Systems (ICS).
• Monitoring List Management : Curate, validate, and maintain high‑fidelity monitoring lists, including Indicators of Compromise (IOCs), for ingestion into SIEM, EDR, and Network Traffic Analysis tools.
• Detection Engineering Support : Translate research findings into technical detection artefacts, such as YARA, Sigma, or Snort rules, to strengthen proactive threat hunting and detection capabilities.
• Incident Response Integration : Act as the Tier- 3 intelligence lead during critical incidents, providing real‑time threat context, infrastructure pivoting, and attribution support to the CERT team.
• Vulnerability Intelligence : Monitor and prioritise newly disclosed CVEs based on the organisation's technology stack, providing actionable, risk‑based assessments to patching and infrastructure teams.
• TTP Mapping : Map observed adversary behaviours to the MITRE ATT&CK framework to identify visibility gaps and areas for improvement in existing security controls.
• Stakeholder Reporting : Produce high‑quality intelligence report/ update (including Flash Alerts) for emerging or imminent threats and monthly strategic summaries for management and public transport operators.

Technical Skills & Competencies

• OSINT & Investigation - Strong capability in conducting open‑source investigations across surface, deep, and dark web sources, including forums, code repositories, and social media, to identify leaked credentials or planned threat campaigns.
• Automation - Proficiency in scripting to build custom scrapers, automate Threat Intelligence Platform (TIP) workflows, and manage large‑scale intelligence datasets.
• Log Analysis - Ability to correlate threat intelligence with internal telemetry (e.g. proxy, firewall, EDR logs) to validate malicious activity and identify early indicators of compromise.
• Framework Knowledge - Strong understanding of MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Cyber Kill Chain.

[What we are looking for]

• Knowledge in Computer Science, Computer Engineering, Information Technology or related field.
• At least 8 years of experience in cybersecurity, with at least 4 years in Threat Intelligence, Advanced SOC Operations, or Incident Response roles.
• Education - Bachelor's degree in Computer Science, Information Security, or a related discipline.
• Professional Certifications - GIAC Cyber Threat Intelligence (GCTI) or Certified Information Systems Security Professional (CISSP)
• Desired Technical Certifications - Relevant technical certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM) would be advantageous.
• Demonstrated track record in mentoring junior analysts and uplifting SOC/CERT capabilities.
• Strong technical writing and communication skills, with the ability to brief senior leadership and executive stakeholders on complex cyber risk matters.
• Ability to operate effectively in a cross‑matrix environment, as well as independently and decisively in a fast‑paced, high‑impact operational setting.