Cyber Threat Intelligence Principal Specialist

London, United Kingdom

Job Description


The Cyber Threat Intelligence Principal Specialist is responsible for operationalising threat intelligence, gathering information specific to WTW’s environment and supporting threat hunting activities. The individual will have line-management responsibilities for analysts within the operations segment of the Cyber Threat Intelligence team and will guide collection and analysis efforts to meet the company’s agreed Priority Intelligence Requirements. The successful candidate will work closely with the team’s Strategic and Tactical Leads to provide actionable intelligence for internal stakeholders.

The individual will contribute to and work as part of a global multi-disciplined security community with clear vision and direction and top-down support across the business. They will help the wider community in fostering a culture which is both security aware and is a great place to come to work. WTW has a large global footprint and the successful individual will find a fascinating range of work.

This role is aligned to our Hybrid workstyle, predominantly based from home with occasional travel to WTW offices.

The Role

Provide support to Information Cyber Security from across the business by undertaking activities which include:

  • Lead the team’s efforts to operationalise intelligence, providing direction to more junior specialists and mentoring them in their development.
  • Focus on the latest Tactics, Techniques, and Procedures (TTPs) being deployed by threat actors. Map these TTPs to WTW’s operational environment to help protect our systems and data.
  • Produce assessments on cyber threats, attacks, and external incidents of interest to WTW. Support threat hunting activities.
  • Collect, analyse, and interpret qualitative and quantitative, technical and non-technical data in all-source intelligence analysis.
  • Ensure timely response to any cyber incident to minimise risk exposure and production downtime by collaborating closely with incident response colleagues.
  • Conduct security research – identify and navigate relevant online sources, including cyber security websites, forums, social media, and traditional sources to support research processes.
  • Perform open source intelligence (OSINT) collection and analysis, identifying the most relevant and immediate cyber threats, malicious code, suspicious domains, and security vulnerabilities.
  • Work with third parties developing shared intelligence including government, law enforcement agencies, and peer institutions operating in industry sectors relevant to WTW.

The Requirements

  • Must have strong verbal and written communication skills, interpersonal collaborative skills and the ability to communicate security and risk-related concepts to both highly technical and non-technical audiences.
  • Experience in developing and maintaining operational threat intelligence. Ability to review information to determine its significance, validate its accuracy, and assess its reliability.
  • Ability to compile data from both open and closed sources, drawing analytical conclusions to shape recommendations for key internal decision-makers.
  • Excellent knowledge of common security controls, detection capabilities, and other solutions for securing digital environments, preferably including an understanding of packet flows, TCP and UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection and prevention systems, Endpoint Detection and Response (EDR), as well as other host-based monitoring, email monitoring and anti-spam technologies.
  • Knowledge of Cloud security and incident response activities in a Cloud environment.
  • Excellent understanding of Lockheed Martin’s Cyber Kill Chain, the Diamond Model of Intrusion Analysis and the MITRE ATT&CK framework. Ability to implement threat modelling in support of Threat Intelligence activities.
  • Understanding of assets and data of value to threat actors and how organisations are compromised.
  • Experience working in one or more of Cyber Threat Intelligence, Cyber Security Operations or Digital Forensics.
  • Experienced in analysing malware, hacking tools and threat actor TTPs to characterise threat actors’ technical methods for accomplishing their goals.
  • Experience of tracking threat actors and building up a repository of threat knowledge.
  • Strong working knowledge of security relevant data, including network protocols, ports and common services, and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, etc.).
  • Knowledge of privilege escalation, persistence and lateral movement techniques deployed by threat actors.
  • Experience of working and communicating within a global team environment.
  • Willingness to join an on-call roster to support response to out-of-hours incidents.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

Willis Towers Watson

Job Detail

  • Job Id
    JD2989539
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    London, United Kingdom
  • Education
    Not mentioned