Cyber Threat Intelligence Analyst – No current vacancies
About Threat Insights
Threat Insights is a specialist cyber threat intelligence consultancy serving financial services institutions across Europe. We help banks, insurers, payment providers, and financial infrastructure operators build CTI capabilities, achieve DORA compliance, and prepare for threat-led penetration testing under TIBER-EU frameworks.
Unlike threat intelligence platforms that aggregate feeds or Big 4 firms offering broad cybersecurity advice, we exist in the space between—providing deep, human-curated threat intelligence expertise that regulatory frameworks demand and financial institutions need.
We’re growing strategically, building a team of senior CTI professionals who combine analytical rigor with client advisory skills. If you’ve built intelligence products in high-stakes environments and want to apply that expertise to one of Europe’s most regulated and targeted sectors, we should talk.
The Role
As a Cyber Threat Intelligence Analyst at Threat Insights, you’ll conduct threat research, produce intelligence assessments, and deliver client-facing intelligence products for financial services institutions navigating DORA compliance and evolving threat landscapes.
This is not a SOC analyst role monitoring feeds. You’ll be conducting deep analytical work—profiling threat actors, developing threat scenarios for TLPT engagements, researching adversary TTPs, and producing regulatory-grade intelligence reports that inform C-suite decisions and satisfy competent authority requirements.
You’ll work directly with clients, translating complex threat landscapes into actionable intelligence, presenting findings to technical and executive audiences, and helping institutions build sustainable CTI capabilities.
Key Responsibilities
Intelligence Research & Analysis
- Conduct open-source, dark web, and closed-source research on threat actors, campaigns, and vulnerabilities relevant to financial services
- Profile nation-state APTs, ransomware groups, financially motivated threat actors, and insider threats targeting banks, payment systems, and financial infrastructure
- Analyze adversary tactics, techniques, and procedures (TTPs) using MITRE ATT&CK and other structured analytical frameworks
- Monitor geopolitical developments, regulatory changes, and sector-specific threat trends affecting EU financial institutions
Intelligence Product Development
- Author Targeted Threat Intelligence Reports (TTIRs) for TLPT engagements under DORA and TIBER-EU frameworks
- Develop threat scenarios that map realistic adversary objectives to institution-specific attack surfaces
- Produce sector threat landscape assessments, executive threat briefings, and bespoke intelligence reports tailored to client requirements
- Create intelligence deliverables that meet regulatory standards for quality, sourcing, and analytical tradecraft
Client Engagement & Advisory
- Present threat intelligence findings to client security teams, risk officers, and executive leadership
- Support threat intelligence maturity assessments by evaluating client CTI capabilities and recommending improvements
- Advise clients on threat actor motivations, likely attack vectors, and intelligence-informed defensive priorities
- Participate in scenario development workshops, tabletop exercises, and TLPT planning sessions
Regulatory & Framework Alignment
- Ensure all intelligence products align with DORA Article 26 requirements, TIBER-EU guidance, and CREST standards
- Maintain awareness of evolving regulatory expectations for threat intelligence in financial services
- Document intelligence sources, analytical methods, and confidence levels to regulatory standards
Required Qualifications
Intelligence Background
- Minimum 3 years of experience in an intelligence role within military, law enforcement, government agency, or intelligence services
- Proven track record producing finished intelligence reports, threat assessments, or analytical products for decision-makers
- Demonstrated ability to collect, analyze, and synthesize information from multiple sources into coherent intelligence assessments
- Experience working with classified or sensitive information under strict handling protocols
Analytical Capabilities
- Strong analytical and critical thinking skills, with the ability to assess source credibility, identify information gaps, and challenge assumptions
- Familiarity with structured analytical techniques (e.g., analysis of competing hypotheses, key assumptions check)
- Ability to work under ambiguity, draw conclusions from incomplete information, and communicate confidence levels appropriately
- Excellent written communication—capable of producing clear, concise, executive-ready intelligence products
Cyber & Technology Knowledge
- Understanding of the cyber threat landscape, attack methodologies, and common adversary TTPs
- Familiarity with OSINT collection techniques, MITRE ATT&CK framework, and threat actor profiling
- Basic understanding of IT infrastructure, networks, and enterprise technology environments
- Willingness to develop deeper technical cybersecurity knowledge through on-the-job learning and training
Professional Attributes
- Authorized to work in [UK/EU]
- Eligible for security clearance vetting (desirable but not essential)
- Client-facing professionalism and ability to communicate technical concepts to non-technical audiences
- Self-directed work ethic, with the ability to manage multiple client engagements simultaneously
Desired Qualifications
- Intelligence community or law enforcement background with experience in counterterrorism, serious organized crime, fraud investigation, or cyber operations
- Previous exposure to financial sector threats, fraud analysis, or economic crime intelligence
- Experience with threat intelligence platforms (Recorded Future, Mandiant, ThreatConnect) or analytical tools
- Knowledge of DORA, NIS2, TIBER-EU, or other EU cybersecurity regulatory frameworks
- CREST Registered Threat Intelligence Analyst (CRTIA) or working toward CREST Certified Threat Intelligence Manager (CCTIM)
- Additional certifications: GCTI (GIAC Cyber Threat Intelligence), SANS FOR578, or similar
- Foreign language capabilities (particularly Russian, Farsi)
- Experience delivering training, briefings, or presentations to senior stakeholders
Remote