The Threat Intelligence & Incident Response Lead shapes ANS’ proactive cyber defence through intelligence-led operations, incident response, threat hunting, and CTEM. You’ll lead threat intelligence and incident response within the SOC, turning emerging threats and customer risk into actionable detection and response. Combining hands-on expertise with technical leadership, you’ll drive the evolution of MDR and proactive security services, while collaborating across Security teams, customers, and partners to strengthen overall capability.
Job Responsibility
Lead and mature threat intelligence, embedding it across detection, investigation, hunting, and protection
Research emerging threats, adversary tactics, and vulnerabilities relevant to customers
Translate intelligence into actionable detections, automation, and security improvements
Produce customer and internal threat advisories
Identify emerging risks across sectors and technologies
Align with frameworks (e.g. MITRE ATT&CK)
Partner with Engineering and SOC to improve detection and response
Lead technical response for high-priority incidents (P1/P2)
Own and enhance incident readiness, playbooks, and processes
Drive post-incident reviews and continuous improvement
Embed threat-informed improvements into detections and response
Support containment, eradication, and recovery activities
Coordinate escalations, including external IR and forensics
Lead incident response exercises
Mature CTEM through threat-informed risk and exposure prioritisation
Correlate vulnerabilities and telemetry with threat intelligence
Support exposure validation, security reviews, and testing
Provide recommendations to reduce risk and improve resilience
Support proactive security improvements across services
Develop hypothesis-led threat hunting aligned to threat landscape and risk
Lead proactive hunts using telemetry, intelligence, and IoCs
Collaborate to identify suspicious activity and attack patterns
Turn hunt outcomes into improved detections and response
Optimise detection through tuning and gap identification
Enhance ATT&CK-aligned detection coverage
Provide technical leadership across SOC activities
Mentor analysts through coaching and knowledge sharing
Drive maturity across IR, hunting, intelligence, and detection
Develop standards, documentation, and playbooks
Act as escalation point for complex investigations
Support service and capability development
Support customer discussions on incidents, threats, and risk
Present technical findings in clear business terms
Contribute to service improvement and maturity discussions
Partner with Customer Success, Service Owners, and Pre-Sales to align services.
Requirements
Experience in one or more of: SOC, MDR or MSSP environments
Threat intelligence and adversary analysis
Incident response and cyber coordination
Threat hunting and proactive investigations
Detection engineering and alert tuning
SOAR / security automation
CTEM, vulnerability prioritisation or exposure management