Rodeo
ResourcesPartnersSign in

NCC Group

Senior Analyst - Tactical Intelligence

Manchester
Posted 3 months ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Senior Analyst - Tactical Intelligence

Senior Analyst - Tactical Intelligence

Department: Cyber Services and Capabilities Employment Type: Full Time **Location:**GBR Manchester (Hardman Boulevard) or UK (Manchester, Cheltenham, or London), Spain (Madrid), or the Netherlands (Rijswijk)


Role Overview

The purpose of this role is to strengthen the organisation’s cyber defence capabilities by generating high-quality, actionable threat intelligence. This position proactively identifies, analyses, and communicates emerging threats, including adversary behaviours, malware, and infrastructure, to inform detention, response, and strategic decision-making.

Operating across the full intelligence lifecycle, the role transforms complex technical findings into meaningful insights for both technical and non-technical stakeholders, enabling:

  • Anticipating adversary activity
  • Enhancing detection engineering
  • Supporting incident response and intelligence-led security operations
  • Driving continuous improvement through research, tooling development, collaboration, and active participation in the threat intelligence community.

Key Responsibilities

Threat Intelligence Analysis & Research

  • Identify, track, and document threat actors, their Tactics, Techniques, and Procedures (TTPs), infrastructure, and Indicators of Compromise (IoCs) across the full intelligence lifecycle.
  • Monitor and analyse Command & Control (C2) infrastructures, malicious domains, and emerging campaigns, providing context-rich assessments combining:
    • Technical findings
    • Geopolitical and regional context
  • Map observed threat activity to frameworks such as MITRE ATT&CK and produce structured intelligence outputs (e.g., STIX/TAXII).
  • Conduct technical malware analysis (static and dynamic) to:
    • Extract configurations
    • Identify capabilities
    • Attribute activity to known threat actors
  • Stay current with the evolving threat landscape by proactively identifying:
    • Emerging threats
    • Novel attack vectors
    • Shifts in adversary tradecraft

Documentation & Reporting

  • Produce high-quality finished intelligence products, including:
    • Threat actor profiles
    • Campaign analyses
    • Technical advisories
    • Tailored outputs for both technical and non-teckical audiences
  • Document and report on:
    • Malware behaviour
    • TTPs
    • IoCs (using internal TIP tooling for generation and dissemination)
  • Contribute externally via:
    • Blog posts
    • Conference presentations
    • Published research (highlighting significant findings)
  • Respond to Requests for Information (RFIs) with timely, actionable intelligence

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Tool Development & Detection Engineering

  • Develop and maintain:
    • Detection signatures (e.g., YARA rules) derived from malware analysis and research
  • Optimise threat intelligence platforms, sources, and feeds for:
    • Improved analysis efficiency
    • Enhanced intelligence output quality
  • Build scripts and tooling to automate:
    • Intelligence collection
    • Enrichment
    • Dissemination tasks
  • Evaluate and recommend new tools/platforms to strengthen the team’s capabilities

Collaboration & Information Sharing

  • Mentor other analysts (supporting guidance on analytical tradecraft and technical methodology)
  • Collaborate with DFIR and SOC teams to provide:
    • Threat context
    • Malware insights
    • Intelligence support during investigations/incidents
  • Generate detection leads from intelligence and malware analysis while maintaining a structured handoff process
  • Support intelligence-led threat hunting by producing:
    • Targeted threat assessments
    • Hypotheses for the threat-hunting team (with active feedback loops)
  • Partner with:
    • External cybersecurity partners
    • Information-sharing communities
    • Industry forums to maintain situational awareness and contribute to collective defence

Requirements, Skills & Expertise

Core Skills & Experience

  • Proven Cyber Threat Intelligence (CTI) experience, including:
    • Threat actor tracking
    • APT research
    • C2 infrastructure analysis
  • Strong understanding of:
    • Cyber intelligence lifecycle
    • Networking protocols (TCP/IP, DNS, and adversary use cases)
    • MTRIE ATT&CK framework
    • Structured intelligence formats (STIX/TAXII)
  • Operational experience supporting/interfacing with DFIR and SOC teams
  • Deep insight into offensive security reconnaissance and attacker methodologies

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Desirable Skills & Experience

  • Hands-on experience in malware triage-level analysis:
    • Behavioural detection
    • Sandbox detonation
    • Basic static analysis (reverse engineering tool exposure is beneficial)
  • YARA rule-development skills
  • Scripting/programming familiarity (Python for analysis tools/automation)
  • Knowledge of threat intelligence platforms (OpenCTI, MISP, or equivalents)
  • Exposure to geopolitical risk impact on cyber threats
  • Track record of public research (e.g., blog posts or conference presentations)

Certifications (Desired but Not Required)

  • SANS FOR578 (Cyber Threat Intelligence)
  • CREST CRTIA (Threat Intelligence Analyst)
  • GREM Certification
  • Equivalent cyber threat intelligence credentials

Organisational Values

  • Focusing on Clients and Customers
  • Working as One NCC
  • Always Learning
  • Being Inclusive and Respectful
  • Delivering Brilliantly

Job Benefits

Working Conditions

  • Flexible Working – Flexible schedules to balance work and personal life
  • Generous Holiday Allowance:
    • 25+ days per year
    • Bank holidays included
    • Option to buy up to 5 additional annual leave days
  • Special Time Off for life milestones (e.g., marriage, becoming a grandparent, homecoming a new pet)

Health & Benefits

  • Medicash & Critical Illness Scheme
  • Wellbeing Support

Financial & Investment Benefits

  • Pension scheme
  • Life assurance
  • Share Save Scheme

Community & Voluntary Initiatives

  • Participation in community/volunteering programmes

Eco-Friendly Mobility

  • Green Car Scheme (eco-friendly vehicles)
  • Cycle-to-Work Scheme (health/mobility incentive)

Family Support

  • Generous maternity/paternity leave
  • Support for fertility treatment time off
  • Holistic care resources

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Cyber threat intelligence
Threat actor tracking
APT research
C2 infrastructure analysis
Networking protocols
MITRE ATT&CK
STIX/TAXII
DFIR
SOC
Malware analysis
YARA rules
Python
OpenCTI
MISP
Geopolitical risk analysis

Location

Manchester, England, United Kingdom

Sign up to applySee more jobs like this