Specialist, Cyber Threat Intelligence

Canada, Toronto · Employment contract · Job Posted June 15, 2026

Job Description

The Specialist, Cyber Threat Intelligence is responsible for proactively identifying, analyzing, and disrupting cyber threats targeting the organization. This role blends strategic and tactical threat intelligence with hands-on threat hunting, enabling early detection of advanced adversaries, emerging attack techniques, and targeted campaigns.

Job Responsibility

  • Collect, analyze, validate, and contextualize cyber threat intelligence from multiple sources including OSINT, dark web forums, commercial feeds, ISACs, industry partners, and internal telemetry to identify emerging threats, adversary TTPs, and sector-specific risks
  • Drive and continuously mature the strategy, governance, and operational execution of the Cyber Threat Intelligence (CTI) program, establishing a formal intelligence lifecycle that ensures actionable intelligence is effectively collected, enriched, analyzed, disseminated, and operationalized within security functions
  • Track, profile, and conduct deep analysis of threat actors targeting the organization’s industry, technology stack, and supply chain, including long-term campaign tracking, infrastructure reuse, malware evolution, and adversary behavior patterns
  • Conduct intelligence-led and hypothesis-driven threat hunting across enterprise systems to identify stealthy, advanced, or previously undetected adversary activity
  • Support and participate in incident response, forensic analysis, and post-incident investigations, providing adversary attribution assessments, likely next-step analysis, and intelligence-based scope expansion
  • Serve as a bridge between fraud prevention, SOC, and intelligence teams to ensure comprehensive coverage of threats. Facilitate information sharing and collaboration to strengthen the organization’s overall security posture
  • Create detailed technical reports, threat advisories, and early warning alerts on emerging threats and incidents for technical and non-technical stakeholders

Requirements

  • A relevant University degree/technical certification, and/or relevant experience commensurate to the role
  • 5+ years of hands-on professional experience in Cyber Threat Intelligence and Threat Hunting within large enterprise or critical infrastructure environments
  • Deep, applied understanding of adversary tradecraft, including intrusion kill chains, MITRE ATT&CK, Diamond Model, malware families, exploitation techniques, persistence mechanisms, and threats targeting aviation and critical infrastructure sectors
  • Demonstrated experience conducting intelligence-led and hypothesis-driven threat hunts
  • Strong hands-on experience with threat intelligence platforms (TIPs), including IOC ingestion, enrichment, scoring, aging, and operational deployment
  • Proven ability to perform malware and campaign analysis, correlating samples, infrastructure, C2 patterns, payload behavior, delivery mechanisms, and underground chatter into cohesive adversary assessments
  • Experience with dark web monitoring, closed forums, and leak sites
  • Advanced log analysis and data correlation skills to identify low-signal, stealthy, or novel adversary activity
  • Hands-on experience developing automation pipelines, scripts, or tooling (Python, PowerShell, APIs, SOAR, etc.) to support intelligence collection, normalization, enrichment, and dissemination
  • Experience with query languages and analytics (KQL, SPL, SQL, etc.) to support threat hunting, detections, and investigations
  • Experience building custom intelligence and threat dashboards (Splunk, Kibana, Grafana, Power BI) to track adversary campaigns, infrastructure, trends, and risk indicators
  • Ability to translate raw intelligence into actionable detections
  • Proven capability to work independently on complex investigations and prioritize competing intelligence requirements
  • Relevant security certifications preferred (e.g., GCTI, GIAC), or equivalent demonstrated expertise through operational experience
  • Adaptability and Flexibility
  • Accountability and Credibility
  • Customer Orientation
  • Results Orientation
  • Forward Thinking
  • Fostering Teamwork
  • Analytical Thinking
  • Interpersonal Effectiveness
  • Demonstrate punctuality and dependability

Nice to have

  • Relevant security certifications preferred (e.g., GCTI, GIAC), or equivalent demonstrated expertise through operational experience
  • Based on equal qualifications, preference will be given to bilingual candidates

Similar Jobs for Specialist, Cyber Threat Intelligence

8 matching positions

Cyber Threat Intelligence Specialist

Join our mission to fight cybercrime and become a key member of our Threat Intel...
Location: North Macedonia, Skopje
Salary: Not provided
Hornetsecurity
Expiration Date: Until further notice
Requirements
  • Strong understanding of fundamental cybersecurity concepts, including the CIA triad (Confidentiality, Integrity, Availability), vulnerability management, Advanced Persistent Threats (APT), as well as security frameworks and standards such as NIST, ISO 27001 and MITRE ATT&CK
  • Advanced understanding of tools, tactics, techniques and procedures (TTPs) utilized by threat actors and ability to identify behavioural or recurrent patterns
  • Proficiency with threat intelligence platforms such as OpenCTI, MISP or ThreatConnect
  • Familiarity with programming and scripting languages (e.g., Python, PowerShell)
  • Proficiency in network protocols and packet analysis, with a deep understanding of TCP/IP, DNS, HTTP/HTTPS, and other relevant protocols
  • Proficiency in using SIEM solutions (e.g., Splunk, QRadar), and other security tools
  • Strong analytical and problem-solving skills to assess complex threat information
  • Excellent written and verbal communication skills to effectively convey threat intelligence to both technical and non-technical audiences
  • Ability to work collaboratively in a team environment and build strong relationships with stakeholders
  • Strong attention to detail to identify subtle indicators of compromise and emerging threats
Job Responsibility
  • Lead the management of Threat Intelligence within our CTI platform. Verify and ensure the accuracy and reliability of data within the platform
  • Develop and maintain threat intelligence processes and procedures
  • Continuously monitor and analyze Cyber Threat Intelligence from various sources including open-source intelligence, commercial feeds and internal data
  • Identify and assess potential threats and vulnerabilities to our clients
  • Provide actionable intelligence insights to support relevant teams for incident response
  • Evaluate and recommend new tools and technologies to improve threat intelligence capabilities
  • Produce detailed reports and briefings on cyber threats, trends and incidents for technical and non-technical stakeholders
  • Collaborate with internal and external cybersecurity associations on behalf of Hornetsecurity, representing the company at industry events and conferences
What we offer
  • Room for innovation and autonomy in a fast-growing international company
  • Temporary Employee Exchange Program – we provide the ability for you to work at our global office locations and explore the world (e.g. Berlin, Madrid, Malta, Montréal, Washington D.C.)
  • Flexible working hours and the option to work from home
  • Permanent contracts – we’re in it for the long haul and hope you are too!
  • Team events like Laser Tag, Office Movie Nights, Foodie Fridays and much more – let yourself be surprised!
  • FitKit subscription and private insurance for your health!
  • Referral Bonus: we pay 1500€ for each referral who is successfully hired by us!
  • Fulltime

Cyber Threat Intelligence Specialist

To reduce Vodafone’s cyber risk exposure by delivering timely, actionable threat...
Location: United Kingdom, Newbury
Salary: Not provided
Vodafone
Expiration Date: Until further notice
Requirements
  • Strong understanding of active nation‑state and financially motivated threat actors targeting telecoms, enterprise networks, and critical national infrastructure, with focus on actor tactics, techniques and procedures (TTPs)
  • Hands‑on experience producing and applying operational threat intelligence, including indicator development, attack pattern analysis, and supporting detection, response, and remediation activities
  • Ability to triage, correlate, and integrate multiple intelligence sources (telemetry, open source, vendor, and partner intelligence) into clear, actionable outputs
  • Effective stakeholder engagement skills across SOC, Incident Management and cyber defence teams, with the ability to communicate threat information clearly to technical audiences under operational pressure
  • Experience working with external intelligence communities and information‑sharing groups to enrich situational awareness and support operational security outcomes
Job Responsibility
  • Deliver operational and tactical threat intelligence on active threat actors, campaigns, and techniques impacting Vodafone's networks, IT environment, and services, with a focus on supporting detection and mitigation of threats
  • Support live incidents, investigations, and Threat Action Groups by monitoring adversary activity, providing timely intelligence updates, and maintaining situational awareness throughout operational events
  • Analyse threat reporting, tooling, and external intelligence to identify actionable indicators, attack patterns, and detection opportunities, feeding directly into CSOC, Incident Management, and defensive teams
  • Track intelligence outcomes by assessing whether intelligence contributed to detection improvements, response actions, vulnerability remediation, or threat disruption, and feed lessons learned back into operational processes
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
  • Fulltime

Strategic Threat Intelligence Specialist

To reduce Vodafone’s cyber risk exposure by delivering forward-looking, strategi...
Location: United Kingdom, Newbury
Salary: Not provided
Vodafone
Expiration Date: Until further notice
Requirements
  • Strong understanding of nation-state and financially motivated threat actors targeting telecoms and critical national infrastructure
  • Experience in building or maturing intelligence-sharing processes, including defining requirements, standardising outputs, and measuring impact
  • Ability to combine multiple intelligence sources into clear, defensible strategic assessments
  • Strong stakeholder management skills across technical and executive audiences
  • Experience engaging with external intelligence communities and leveraging trusted relationships to enhance internal security posture
Job Responsibility
  • Produce strategic intelligence assessments on priority threat actors, campaigns, and emerging risks impacting telco, network and IT infrastructure
  • Mature and structure Vodafone’s intelligence-sharing relationships across internal stakeholders to ensure intelligence is actionable and consistently drives risk reduction
  • Strengthen and grow external intelligence partnerships with entities such as NCSC, ISACs, peer telcos, and intelligence providers
  • Establish feedback loops to measure whether shared intelligence results in detection improvements, vulnerability remediation, control uplift, or mission activity
  • Translate geopolitical developments, sector targeting trends, and adversary evolution into clear risk implications for Vodafone’s networks, platforms, estate, and supply chain
  • Brief senior leadership and stakeholders with concise, risk-based reporting that supports strategic decision-making
  • Support the development of structured threat missions aligned to priority adversaries, ensuring intelligence requirements are clearly defined and outcomes are tracked
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Specialist, Cyber Intelligence - ISSO

L3Harris is dedicated to recruiting and developing high-performing talent who ar...
Location: United States, Waco
Salary: Not provided
L3Harris
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree and minimum 4 years of prior relevant experience. Graduate Degree and a minimum of 2 years of prior related experience. In lieu of a degree, minimum of 8 years of prior related experience
  • Minimum Security+ certification required
  • This position requires a TS with SCI eligibility security clearance. Security clearances may only be granted to U.S. citizens
Job Responsibility
  • Responsible for the development, deployment and execution of controls and defenses to ensure the security of company technology, information systems, and system deliverables
  • Supports secure systems operations and maintenance
  • Assesses and mitigates system security threats and risks throughout the program life cycle
  • Performs system certification and accreditation planning, testing, and validation activities in coordination with government customers
  • Executes first level responses and addresses reported or detected incidents
  • Interprets, analyzes, and reports all events and anomalies in accordance with directives, to include initiating, responding, and reporting discovered events
  • Safeguards information against unauthorized use, infiltration, exfiltration, modification, destruction or disclosure of national security information
  • Notify the ISSM of changes affecting the ATO. Coordinate any changes to hardware, software, or firmware with the ISSM prior to any change
  • Building Aircraft disk pack sets, along with keeping them maintained and updated, as necessary to support our test team, and the Air Force as required
  • Willing to Travel 25% of the time to support offsite test events
  • Fulltime

Cyber Threat Specialist

Critical role within the Cyber Threat Intelligence Team. As a Threat Specialist ...
Location: Australia, Victoria
Salary: Not provided
Woolworths Supermarkets
Expiration Date: Until further notice
Requirements
  • 7+ years of tested cyber security experience within high-pressure environments, including SOC, NOC, and CIRT ecosystems
  • Expert-level mastery in network intrusion, detection, and response, with a current and sharp understanding of the modern threat landscape
  • Deep-seated intuition for malicious code, with the specialised skills required to understand the anatomy of an attack
  • Seamlessly applying the MITRE ATT&CK® framework and Cyber Kill Chain methodology to map adversary behavior and anticipate the 'next move'
  • Broad spectrum confidence across an array of security applications, ensuring the right tool is leveraged for the right threat at the right time
  • Advanced proficiency in Open Source Intelligence, turning public data into actionable defensive strategies
  • A rare ability to translate complex cyber risks into tangible business outcomes, ensuring security initiatives drive organisational value rather than just technical compliance
  • Comprehensive end-to-end exposure to Incident Response (IR), from initial triage through to post-mortem and long-term hardening
  • Equally effective as an individual contributor or a collaborative team player, maintaining peak performance in both autonomous and integrated environments
Job Responsibility
  • Maintain awareness of the cyber threat landscape by conducting research to contribute to formal threat reports and curate actionable intelligence
  • Triage, tune, and customise threat alerts while incorporating curated Indicators of Compromise (IOCs) into the existing threat framework
  • Identify and prioritise detection opportunities using SIEM and EDR tools, mapped against the MITRE ATT&CK framework for comprehensive coverage
  • Conduct threat hunting, trigger incident response workflows, and provide dedicated intelligence support during major security incidents
  • Proactively raise security risks and recommend appropriate controls to strengthen the organisation's defensive posture
  • Assist with the zero-day vulnerability process and ensure all technical documentation remains current and accurate
  • Drive continuous improvement by streamlining workflows through the strategic use of automation and advanced tooling
  • Fulltime

Cyber Threat Hunting Specialist

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location: United Kingdom, Newbury
Salary: Not provided
Vodafone
Expiration Date: Until further notice
Requirements
  • Threat Research Expertise
  • You are an experienced security analyst who operates well beyond alert-driven workflows
  • You have a deep understanding of adversary tactics, techniques, and procedures
  • Analytical Thinking
  • You are comfortable working with incomplete, ambiguous, or conflicting data
  • Tool Proficiency
  • You are highly proficient in querying and analysing large-scale security data
  • Data Source Fluency
  • You are confident working across diverse telemetry, including endpoint, identity, network, and cloud data
  • Collaborative Communication
Job Responsibility
  • Proactively search for signs of cyber threats across systems and networks
  • Proactive Threat Hunting
  • Drive proactive threat hunting across Vodafone’s environment
  • Own complex investigations end-to-end
  • Rule Development for Security Operations
  • Translate your hunting outcomes into robust, production-ready detection logic
  • Challenge existing detections, identifying gaps in coverage, and refining logic
  • Threat Intelligence Integration
  • Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes
  • Assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
  • Fulltime

Artificial Intelligence Security Specialist EMEA

Citi, the leading global bank, has approximately 200 million customer accounts a...
Location: United Kingdom, London; Belfast
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • 5-7+ years for Assistant Vice President (C12 Mid - Senior Level)
  • 8-10+ years for Vice President (C13 Senior - Lead/Staff Level)
  • 10+ years for Senior Vice President (C14 Lead/Staff - Principal Level)
  • Depth in at least one of AI/ML engineering, offensive security, detection engineering, software engineering, or security research
  • Hands-on LLM API experience (context management, tool use, evaluation, failure modes) for AI/ML Engineering
  • Agentic systems design
  • AI safety at the infrastructure level
  • Vulnerability research, exploit development, or pen testing with real depth for Cyber Security
  • Detection engineering for novel attack patterns
  • Threat modelling (STRIDE, ATT&CK)
Job Responsibility
  • Depends on team: Offensive Security & Vulnerability Management — AI-assisted pen testing at a scale previously impossible
  • Automated exploit validation
  • Bridge the gap from 'AI found a vulnerability' to 'the application team has a PR to fix it'
  • AI & Emerging Technology Security — Define how the bank deploys AI safely
  • Security architecture and assurance for new implementations
  • Building the next generation of AI-powered tools for CISO colleagues
  • Test new models at the cutting edge of creation and influence
  • Cyber Security AI Services — Own the AI products CISO depends on in production — security assurance, cyber security operations, governance and controls, vulnerability assessment
  • Keep them reliable, evolve them fast
  • Cyber Security Operations — Detection, triage, and response for a world where adversaries use AI to find and exploit vulnerabilities faster than traditional detection can keep up
What we offer
  • Business casual workplace
  • Hybrid working model (up to 2 days working at home per week)
  • Competitive base salary (annually reviewed)
  • 27 days annual leave (plus bank holidays)
  • Discretionary annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Fulltime

Artificial Intelligence Security Specialist EMEA

Artificial Intelligence Security Specialist EMEA at Citi. Working at Citi is far...
Location: Hungary, Budapest
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • Hands-on LLM API experience (context management, tool use, evaluation, failure modes)
  • Agentic systems design
  • AI safety at the infrastructure level, not just the prompt level
  • Vulnerability research, exploit development, or pen testing with real depth
  • Detection engineering for novel attack patterns
  • Threat modelling (STRIDE, ATT&CK)
  • Security architecture
  • You've built and operated production systems, not just prototypes
  • Strong Python and/or systems programming
  • Can digest dense technical research and turn it into actionable security recommendations
Job Responsibility
  • AI-driven vulnerability management
  • Security architecture for the AI era
  • Securing AI agents that can behave like insider threats
  • Offensive Security & Vulnerability Management — AI-assisted pen testing at a scale previously impossible
  • AI & Emerging Technology Security — Define how the bank deploys AI safely
  • Cyber Security AI Services — Own the AI products CISO depends on in production
  • Cyber Security Operations — Detection, triage, and response for a world where adversaries use AI
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime