Threat Operations Analyst

Job Location:

Colombo - Sri Lanka

Monthly Salary: Not Disclosed
Posted on: 18 hours ago
Vacancies: 1 Vacancy

Job Summary

Threat and Vulnerability Analysis

  • Review and analyse threats, risks and vulnerabilities surfaced by the Research Team and cyber detection pipelines.
  • Validate the presence of exposed services (e.g. RDP, SSH, databases, edge devices) using platforms such as Shodan, Censys, LeakIX and Nuclei scans.
  • Evaluate security configurations to determine whether mitigating controls or compensating measures are in place.

Asset Verification and Attribution

  • Confirm internet-facing asset ownership using WHOIS, DNS lookups, reverse-DNS checks, TLS fingerprinting, Shodan datasets and related OSINT techniques.
  • Resolve attribution uncertainties, ensuring customers only receive notifications for confirmed assets.
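The attribution step above is where false notifications are made or avoided, so here is an added example of the decision logic (illustrative code written for this page, not the employer's tooling). It treats a PTR record as evidence only when it is forward-confirmed (the name in a customer domain must resolve back to the same IP), flags wildcard-only TLS SAN matches because shared CDN/WAF edges present many tenants' wildcards on one IP, and requires two independent signals before an asset is marked confirmed. The evidence dictionaries, the customer domain, the organisation name, the IPs (RFC 5737 documentation ranges) and the two-signal rule are all constructed assumptions; in production the same inputs would come from a resolver, a TLS probe and a WHOIS client.

```python
"""
Asset attribution triage: decide whether an exposed IP belongs to a customer
before a notification goes out. Added example with constructed evidence; not
the employer's own tooling. Forward A records, PTR names, TLS SANs and WHOIS
registrant org are supplied as dicts so the logic runs offline.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Evidence:
    forward_a: dict[str, set[str]] = field(default_factory=dict)  # hostname -> A records
    ptr: dict[str, set[str]] = field(default_factory=dict)        # ip -> PTR names
    tls_sans: dict[str, set[str]] = field(default_factory=dict)   # ip -> SANs of cert on :443
    whois_org: dict[str, str] = field(default_factory=dict)       # ip -> registrant org


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_customer_domains(host: str, domains: set[str]) -> bool:
    """True if host equals, or is a subdomain of, one of the customer's domains.
    A leading wildcard label ('*.') is ignored for the comparison."""
    host = _norm(host).lstrip("*.")
    return any(host == d or host.endswith("." + d) for d in map(_norm, domains))


def fcrdns_name(ip: str, ev: Evidence, domains: set[str]) -> str | None:
    """Forward-confirmed reverse DNS: the PTR must lie in a customer domain AND
    resolve back to the same IP. The PTR zone is controlled by whoever holds
    the IP block, so a PTR that merely claims a customer name is ignored."""
    for name in ev.ptr.get(ip, set()):
        if in_customer_domains(name, domains) and ip in ev.forward_a.get(_norm(name), set()):
            return _norm(name)
    return None


def attribute(ip: str, domains: set[str], org: str, ev: Evidence) -> dict:
    """Return a verdict plus the signals behind it. Decision rule (an assumption
    for this example): two independent signals -> confirmed, one -> needs_review,
    none -> unconfirmed. Wildcard-only SAN matches are tagged separately."""
    signals: list[str] = []
    name = fcrdns_name(ip, ev, domains)
    if name:
        signals.append(f"fcrdns:{name}")
    sans = {s.lower() for s in ev.tls_sans.get(ip, set()) if in_customer_domains(s, domains)}
    if sans:
        tag = "tls_san_wildcard_only" if all(s.startswith("*.") for s in sans) else "tls_san"
        signals.append(f"{tag}:{','.join(sorted(sans))}")
    if org.lower() in ev.whois_org.get(ip, "").lower():
        signals.append(f"whois:{ev.whois_org[ip]}")
    if len(signals) >= 2:
        verdict = "confirmed"
    elif signals:
        verdict = "needs_review"
    else:
        verdict = "unconfirmed"
    return {"ip": ip, "verdict": verdict, "signals": signals}


# Constructed evidence for three candidate IPs (hypothetical customer and data).
DOMAINS = {"example-insured.com"}
ORG = "Example Insured Ltd"
EVIDENCE = Evidence(
    forward_a={
        "rdp-gw.example-insured.com": {"203.0.113.10"},
        "mail.example-insured.com": {"192.0.2.60"},       # host moved; old IP keeps a stale PTR
    },
    ptr={
        "203.0.113.10": {"rdp-gw.example-insured.com."},
        "198.51.100.7": {"edge-7.cdn-provider.example."},
        "192.0.2.55": {"mail.example-insured.com."},      # claims the customer, does not forward-confirm
    },
    tls_sans={
        "203.0.113.10": {"rdp-gw.example-insured.com"},
        "198.51.100.7": {"*.example-insured.com", "shop.other-tenant.example"},  # multi-tenant edge
    },
    whois_org={
        "203.0.113.10": "Example Insured Ltd",
        "198.51.100.7": "CDN Provider Inc",
        "192.0.2.55": "Hosting Co",
    },
)


def triage_all() -> dict[str, str]:
    """Verdict per candidate IP in the constructed evidence set."""
    return {ip: attribute(ip, DOMAINS, ORG, EVIDENCE)["verdict"] for ip in EVIDENCE.whois_org}


if __name__ == "__main__":
    for ip in EVIDENCE.whois_org:
        print(attribute(ip, DOMAINS, ORG, EVIDENCE))
```

Only the RDP gateway comes back confirmed (forward-confirmed PTR, matching SAN and WHOIS org agree). The CDN edge carries a customer wildcard certificate but nothing else points at the customer, so it is held for review rather than notified, and the stale PTR on the third IP contributes nothing because it does not resolve back.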

Customer Notification and Advisory Work

  • Produce clear and concise security alerts, including explanations of the issue, affected assets, recommended remediation steps and references to vendor guidance.
  • Communicate directly with customers and brokers to explain findings, clarify risks and guide remediation priorities where necessary.

Internal Collaboration and Escalation

  • Act as a technical escalation point for the Customer Support, Underwriting and Claims teams.
  • Investigate inbound queries relating to exposed services, flagged vulnerabilities, potential false positives or disputed asset ownership.
  • Contribute technical insight to improve internal processes, detection workflows and knowledge sharing across teams.

Operational Excellence

  • Maintain a high standard of customer service, ensuring communications are professional, timely and approachable.
  • Assist in tuning detection logic and improving the accuracy of vulnerability and exposure matching.
  • Support the continuous improvement of intelligence capabilities and processes.

Required Skills and Knowledge

  • Strong understanding of networking fundamentals (TCP/IP, ports, protocols, common services).
  • Familiarity with cyber security terminology (CVE, CVSS, threat actor TTPs, exploitation lifecycle, attack surface concepts).
  • Hands-on experience using internet scanning or exposure assessment tools (e.g. Shodan, Censys, LeakIX, Nuclei).
  • Ability to interpret DNS records, WHOIS data, HTTP response headers and other OSINT artefacts.
  • Able to break down complex technical issues into clear, customer-friendly language.
  • Proven track record in an MSSP, SOC, threat monitoring or security operations role.
  • Experience triaging or validating vulnerabilities, exposures, misconfigurations or security alerts.

Certifications (Desired but Not Essential)

  • CompTIA Security+ (or equivalent vendor-neutral foundational certifications).
  • Other relevant certifications (e.g. Network+, CySA+, GIAC, eLearnSecurity or similar) welcomed.