NCC Group
Senior Analyst - Tactical Intelligence

Department: Cyber Services and Capabilities
Employment Type: Full Time
Location: GBR Manchester (Hardman Boulevard) or UK (Manchester, Cheltenham, or London), Spain (Madrid), or the Netherlands (Rijswijk)
Role Overview
The purpose of this role is to strengthen the organisation’s cyber defence capabilities by generating high-quality, actionable threat intelligence. This position proactively identifies, analyses, and communicates emerging threats, including adversary behaviours, malware, and infrastructure, to inform detection, response, and strategic decision-making.
Operating across the full intelligence lifecycle, the role transforms complex technical findings into meaningful insights for both technical and non-technical stakeholders, enabling:
- Anticipating adversary activity
- Enhancing detection engineering
- Supporting incident response and intelligence-led security operations
- Driving continuous improvement through research, tooling development, collaboration, and active participation in the threat intelligence community.
Key Responsibilities
Threat Intelligence Analysis & Research
- Identify, track, and document threat actors, their Tactics, Techniques, and Procedures (TTPs), infrastructure, and Indicators of Compromise (IoCs) across the full intelligence lifecycle.
- Monitor and analyse Command & Control (C2) infrastructures, malicious domains, and emerging campaigns, providing context-rich assessments combining:
  - Technical findings
  - Geopolitical and regional context
- Map observed threat activity to frameworks such as MITRE ATT&CK and produce structured intelligence outputs (e.g., STIX/TAXII).
- Conduct technical malware analysis (static and dynamic) to:
  - Extract configurations
  - Identify capabilities
  - Attribute activity to known threat actors
- Stay current with the evolving threat landscape by proactively identifying:
  - Emerging threats
  - Novel attack vectors
  - Shifts in adversary tradecraft
Documentation & Reporting
- Produce high-quality finished intelligence products, including:
  - Threat actor profiles
  - Campaign analyses
  - Technical advisories
  - Tailored outputs for both technical and non-technical audiences
- Document and report on:
  - Malware behaviour
  - TTPs
  - IoCs (using internal TIP tooling for generation and dissemination)
- Contribute externally via:
  - Blog posts
  - Conference presentations
  - Published research (highlighting significant findings)
- Respond to Requests for Information (RFIs) with timely, actionable intelligence
Tool Development & Detection Engineering
- Develop and maintain:
  - Detection signatures (e.g., YARA rules) derived from malware analysis and research
- Optimise threat intelligence platforms, sources, and feeds for:
  - Improved analysis efficiency
  - Enhanced intelligence output quality
- Build scripts and tooling to automate:
  - Intelligence collection
  - Enrichment
  - Dissemination tasks
- Evaluate and recommend new tools/platforms to strengthen the team’s capabilities
Collaboration & Information Sharing
- Mentor other analysts (supporting guidance on analytical tradecraft and technical methodology)
- Collaborate with DFIR and SOC teams to provide:
  - Threat context
  - Malware insights
  - Intelligence support during investigations/incidents
- Generate detection leads from intelligence and malware analysis while maintaining a structured handoff process
- Support intelligence-led threat hunting by producing:
  - Targeted threat assessments
  - Hypotheses for the threat-hunting team (with active feedback loops)
- Partner with:
  - External cybersecurity partners
  - Information-sharing communities
  - Industry forums to maintain situational awareness and contribute to collective defence
Requirements, Skills & Expertise
Core Skills & Experience
- Proven Cyber Threat Intelligence (CTI) experience, including:
  - Threat actor tracking
  - APT research
  - C2 infrastructure analysis
- Strong understanding of:
  - Cyber intelligence lifecycle
  - Networking protocols (TCP/IP, DNS, and adversary use cases)
  - MITRE ATT&CK framework
  - Structured intelligence formats (STIX/TAXII)
- Operational experience supporting/interfacing with DFIR and SOC teams
- Deep insight into offensive security reconnaissance and attacker methodologies
Desirable Skills & Experience
- Hands-on experience in malware triage-level analysis:
  - Behavioural detection
  - Sandbox detonation
  - Basic static analysis (reverse engineering tool exposure is beneficial)
- YARA rule-development skills
- Scripting/programming familiarity (Python for analysis tools/automation)
- Knowledge of threat intelligence platforms (OpenCTI, MISP, or equivalents)
- Exposure to geopolitical risk impact on cyber threats
- Track record of public research (e.g., blog posts or conference presentations)
Certifications (Desired but Not Required)
- SANS FOR578 (Cyber Threat Intelligence)
- CREST CRTIA (Threat Intelligence Analyst)
- GREM Certification
- Equivalent cyber threat intelligence credentials
Organisational Values
- Focusing on Clients and Customers
- Working as One NCC
- Always Learning
- Being Inclusive and Respectful
- Delivering Brilliantly
Job Benefits
Working Conditions
- Flexible Working – Flexible schedules to balance work and personal life
- Generous Holiday Allowance:
  - 25+ days per year
  - Bank holidays included
  - Option to buy up to 5 additional annual leave days
- Special Time Off for life milestones (e.g., marriage, becoming a grandparent, bringing home a new pet)
Health & Benefits
- Medicash & Critical Illness Scheme
- Wellbeing Support
Financial & Investment Benefits
- Pension scheme
- Life assurance
- Share Save Scheme
Community & Voluntary Initiatives
- Participation in community/volunteering programmes
Eco-Friendly Mobility
- Green Car Scheme (eco-friendly vehicles)
- Cycle-to-Work Scheme (health/mobility incentive)
Family Support
- Generous maternity/paternity leave
- Support for fertility treatment time off
- Holistic care resources