Threat Operations Analyst

Roles & Responsibilities

Threat Operations Analyst 

Key Responsibilities 

Threat & Vulnerability Analysis 

  • Review and analyse threats, risks, and vulnerabilities surfaced by the CTRL and Proactive cyber detection pipelines. 
  • Validate the presence of exposed services (e.g., RDP, SSH, databases, edge devices) using platforms such as Shodan, Censys, LeakIX, and Nuclei scans. 
  • Evaluate security configurations to determine whether mitigating controls or compensating measures are in place. 

Asset Verification & Attribution 

  • Confirm internet-facing asset ownership using WHOIS, DNS lookups, reverse-DNS checks, TLS fingerprinting, Shodan datasets, and related OSINT techniques. 
  • Resolve attribution uncertainties, ensuring customers only receive notifications for confirmed assets. 

Customer Notification & Advisory Work 

  • Produce clear and concise security alerts, including explanations of the issue, affected assets, recommended remediation steps, and references to vendor guidance. 
  • Communicate directly with customers and brokers to explain findings, clarify risks, and guide remediation priorities where necessary. 

Internal Collaboration & Escalation 

  • Act as a technical escalation point for Customer Support, Underwriting, and Claims teams. 
  • Investigate inbound queries relating to exposed services, flagged vulnerabilities, potential false positives, or disputed asset ownership. 
  • Contribute technical insight to improve internal processes, detection workflows, and knowledge sharing across teams. 

Operational Excellence 

  • Maintain a high standard of customer service, ensuring communications are professional, timely, and approachable. 
  • Assist in tuning detection logic and improving the accuracy of vulnerability and exposure matching. 
  • Support the continuous improvement of CTRL intelligence capabilities and processes. 

Required Skills & Knowledge 

  • Strong understanding of networking fundamentals (TCP/IP, ports, protocols, common services). 
  • Familiarity with cyber security terminology (CVE, CVSS, threat actor TTPs, exploitation lifecycle, attack surface concepts). 
  • Hands-on experience using internet scanning or exposure assessment tools (e.g., Shodan, Censys, LeakIX, Nuclei). 
  • Ability to interpret DNS records, WHOIS data, HTTP response headers, and other OSINT artefacts. 
  • Able to break down complex technical issues into clear, customer-friendly language. 

Experience 

  • Proven track record in an MSSP, SOC, threat monitoring or security operations role. 
  • Experience triaging or validating vulnerabilities, exposures, misconfigurations, or security alerts.  

Certifications (Desired but Not Essential) 

  • CompTIA Security+ (or equivalent vendor-neutral foundational certifications). 
  • Other relevant certifications (e.g., Network+, CySA+, GIAC, eLearnSecurity, or similar) welcomed. 

Personal Qualities 

  • Strong written and verbal communication skills, with the ability to interact confidently with both technical and non-technical stakeholders. 
  • Analytical mindset with excellent attention to detail. 
  • Highly organised, able to handle multiple cases simultaneously. 
  • Proactive, curious, and motivated to investigate and understand emerging threats. 
