About the job: Threat Operations Analyst

Threat and Vulnerability Analysis

  • Review and analyse threats, risks, and vulnerabilities surfaced by the Research Team and cyber detection pipelines.
  • Validate the presence of exposed services (e.g., RDP, SSH, databases, edge devices) using platforms such as Shodan, Censys, LeakIX, and Nuclei scans.
  • Evaluate security configurations to determine whether mitigating controls or compensating measures are in place.

Asset Verification and Attribution

  • Confirm internet-facing asset ownership using WHOIS, DNS lookups, reverse-DNS checks, TLS fingerprinting, Shodan datasets, and related OSINT techniques.
  • Resolve attribution uncertainties, ensuring customers only receive notifications for confirmed assets.

Customer Notification and Advisory Work

  • Produce clear and concise security alerts, including explanations of the issue, affected assets, recommended remediation steps, and references to vendor guidance.
  • Communicate directly with customers and brokers to explain findings, clarify risks, and guide remediation priorities where necessary.

Internal Collaboration and Escalation

  • Act as a technical escalation point for Customer Support, Underwriting, and Claims teams.
  • Investigate inbound queries relating to exposed services, flagged vulnerabilities, potential false positives, or disputed asset ownership.
  • Contribute technical insight to improve internal processes, detection workflows, and knowledge sharing across teams.

Operational Excellence

  • Maintain a high standard of customer service, ensuring communications are professional, timely, and approachable.
  • Assist in tuning detection logic and improving the accuracy of vulnerability and exposure matching.
  • Support the continuous improvement of intelligence capabilities and processes.

Required Skills and Knowledge

  • 5+ years' experience.
  • Strong understanding of networking fundamentals (TCP/IP, ports, protocols, common services).
  • Familiarity with cyber security terminology (CVE, CVSS, threat actor TTPs, exploitation lifecycle, attack surface concepts).
  • Hands-on experience using internet scanning or exposure assessment tools (e.g., Shodan, Censys, LeakIX, Nuclei).
  • Ability to interpret DNS records, WHOIS data, HTTP response headers, and other OSINT artefacts.
  • Able to break down complex technical issues into clear, customer-friendly language.
  • Proven track record in an MSSP, SOC, threat monitoring or security operations role.
  • Experience triaging or validating vulnerabilities, exposures, misconfigurations, or security alerts.

Certifications (Desired but Not Essential)

  • CompTIA Security+ (or equivalent vendor-neutral foundational certifications).
  • Other relevant certifications (e.g., Network+, CySA+, GIAC, eLearnSecurity, or similar) welcomed.