Cyber Threat Intelligence Analyst
Job description
The Information Security (InfoSec) team is responsible for protecting the organization's information, systems, and data from security threats. The team delivers security services that help identify, prevent, detect, and respond to cyber risks while supporting business and regulatory requirements.
The Role (Cyber Threat Intelligence Analyst):
- Monitor and analyse the latest threat actor tactics, techniques and procedures (TTPs), mapping them to WTW's technology estate to understand exposure and likely attack paths.
- Develop, maintain and continuously improve intelligence collection requirements and methods (including OSINT, vendor feeds and internal telemetry) to meet WTW's evolving threat intelligence needs.
- Produce clear, evidence-based assessments on cyber threats, campaigns, threat actors and relevant external incidents, translating findings into operational impact and detection opportunities.
- Conduct open-source intelligence (OSINT) collection and analysis to identify emerging threats, malicious infrastructure (e.g., domains, IPs, hashes), vulnerabilities and relevant exploit activity.
- Use threat intelligence platforms and analytical techniques to investigate and triage suspected security events, enriching alerts with context, attribution hypotheses and confidence levels.
- Create and deliver timely written and verbal intelligence products for technical and non-technical stakeholders (e.g., briefs, alerts, executive summaries and dashboards).
- Act as a subject matter expert on cyber threats, partnering with SOC, incident response and engineering teams to inform detection engineering, threat hunting and security improvements.
- Support rapid response to cyber incidents by providing actionable intelligence, scoping guidance, and containment/mitigation recommendations to reduce risk and downtime.
- Maintain and curate relevant indicators and reporting to help strengthen WTW's security posture, prioritise defensive actions, and measure threat trends over time.
Requirements
Skills & Certifications
- Experience working in a dynamic, multi-location team environment.
- Proven ability to prioritise and multitask, managing communications with multiple stakeholders in parallel.
- Understanding of complex, fast-changing IT control environments across identity and access, change management, IT operations, cybersecurity and governance.
Behaviours:
- Resourcefulness and organizational agility
- Problem Solving
- Delivery focused
- Strong communications and stakeholder management
- Educated to degree level (or equivalent experience) in cyber security, computer science, intelligence analysis, or a related discipline.
- Experience operating within a global, regulated organisation (e.g., financial services), with awareness of risk, compliance and operational resilience expectations.
- Demonstrable experience producing intelligence outputs (briefs, advisories, assessments) for both technical and senior audiences.
- Strong analytical and problem-solving skills, including the ability to assess confidence, validate sources, and communicate uncertainty.
- Experience collaborating with SOC/threat hunting/incident response to turn intelligence into detections, investigations and mitigations.
- Excellent written and verbal communication skills with strong stakeholder management across multiple time zones.
- Advanced level of English and Spanish (valued)
- Residence in Spain is required, with availability to work in a hybrid model and to attend the Madrid office on an occasional basis, in line with business needs.
- Candidates must have the right to work in Spain, as visa sponsorship is not available for this position.