Threat Intelligence Specialist

Threat Intelligence Specialist

London

Permanent (Hybrid)

About QBE   

At QBE, we get to the heart of what matters for our customers. And we do it all with a human touch.   

We’re an international insurer with more than 13,000 people working across 26 countries – which means we’re big enough for your ambitions, yet small enough for you to make a real impact. It’s an exciting time. We’re building momentum towards our vision to become the most consistent and innovative risk partner.  

What if you could have a positive impact – at work and in the world? As part of the QBE team, you’ll get to spend every day working with people who are passionate, talented and kind. 

The Opportunity 

We’re excited to be hiring a Threat Intelligence Specialist to join our Advanced Threat Services (ATS) Team on a full-time, permanent basis! You’ll be part of a supportive team that thrives on teamwork and innovation, where your expertise will be valued as we work together to tackle the ever-evolving cyber threat landscape. 

We’re looking to welcome our new team member from early January 2026, so if you’re ready to make an impact in the new year, we’d love to hear from you! 

Having the right to work in the UK is a requirement for this role.  QBE may consider sponsorship at its discretion.

Your New Role 

Reporting to the Technical Threat Manager, you’ll be responsible for researching, analysing, and reporting on cyber threats targeting QBE’s global operations and technology environment. This role has a strong technical focus, centred on the collection, enrichment, automation, and analysis of adversary tactics, techniques, and procedures (TTPs) across the Unified Kill Chain and MITRE ATT&CK frameworks. 

You’ll also support strategic intelligence functions, acting as a backup point of contact when needed to ensure continuity of intelligence delivery across our global CTI capability. 

Main Responsibilities:  

• Conduct advanced technical analysis of cyber threats using proactive and reactive intelligence methods. 

• Collect, enrich, and disseminate threat intelligence from internal telemetry, commercial sources, and OSINT. 

• Design and maintain automated intelligence workflows and integrations using APIs and scripting. 

• Track and analyse adversary infrastructure, malware, and campaigns relevant to QBE’s environment. 

• Continuously assess the evolving threat landscape to determine exposure, likelihood, and business impact. 

• Produce actionable intelligence outputs including indicator packages, threat actor profiles, and campaign assessments. 

• Translate complex technical findings into concise, risk-based intelligence for decision-making. 

• Collaborate with SOC, Detection Engineering, and Incident Response teams on purple-team exercises and threat-hunting. 

• Maintain trusted relationships with industry and intelligence communities. 

• Provide SME-level advice and challenge stakeholders using evidence-based reasoning. 

• Support the Strategic CTI Analyst with technical insights and act as backup PoC when needed. 

• Drive continuous improvement and automation across the CTI lifecycle. 

• Apply creative thinking to troubleshoot and enhance detection and intelligence workflows. 

• Demonstrate curiosity and self-drive in researching emerging techniques and technologies. 

• Actively contribute to CTI capability uplift through knowledge sharing and process improvement. 

• Use JIRA, Confluence, and other platforms to manage workflows and document intelligence findings. 

About You 

We’re looking for someone with a strong technical background in threat intelligence, incident response, or threat hunting, ideally within enterprise or global environments. You’ll be confident in analysing complex threats and communicating your findings clearly to both technical and non-technical audiences. 

You’ll ideally bring practical experience with threat intelligence platforms or automation tools, an understanding of cloud security architectures, and exposure to red, blue, or purple-team exercises. Experience developing intelligence-led detection content and operational playbooks would be a bonus. 

Skills You’ll Need:  

• Advanced understanding of attacker tools, techniques, and procedures. 

• Knowledge of security frameworks: OWASP, NIST, MITRE ATT&CK, Unified Kill Chain. 

• Proficient in risk analysis and information systems best practices. 

• Expertise in intelligence gathering and analysis tools, including OSINT. 

• Strong knowledge of malware analysis, IOC identification, and adversary behaviour. 

• Experience with API integrations, automation, and scripting. 

• Familiarity with enterprise security technologies (EDR, IDS/IPS, firewalls, proxies, packet analysis). 

• Experience using JIRA, Confluence, or similar tools. 

• Excellent communication and stakeholder management skills. 

• Strong analytical mindset and proactive problem-solving ability. 

• Experience working across globally distributed teams and time zones. 

• Qualifications: Tertiary degree in Cyber Security, Computer Science, or related discipline, or equivalent experience. Preferred certifications include:  1. SANS: GCTI, GCIH, GCIA, GPEN, GREM 2.(ISC)²: CISSP, CCSP, 3. CREST, OSCP, or equivalent 

Other Information 

Work Pattern: This is a global role that may require occasional early-morning or late-night meetings to align with international teams.