
Threat Intelligence Analyst

Posted 5 hours 47 minutes ago by Nomios

£40,000 - £60,000 Annual
Permanent
Full Time
Other
Hampshire, Basingstoke, United Kingdom, RG21 7AT
Job Description

Nomios's mission is to build a secure and connected future. Organisations across Europe depend on us to help secure and connect their digital infrastructures and understand how they are being observed and targeted from the outside.

As part of our continued UK growth, we are seeking a Threat Intelligence Analyst to strengthen our Threat Intelligence and Vulnerability/Exposure (TI & VOC) capability and deliver high-impact threat analytics, attack path insights, and intelligence reporting to customers. This is a hands-on analytical role focused on investigating adversary activity, identifying patterns, mapping attack paths, and turning complex internal and external telemetry into clear, actionable intelligence that improves detection, response, and security hardening.

You will sit within the Threat Intelligence/VOC division of our Security Operations team, working closely with the 24x7 SOC and Engineering teams and reporting to the Lead Threat Intelligence Analyst. You will also help shape how Nomios collects and operationalises its proprietary threat intelligence and IOC data to create real advantage for customers.

The role provides broad exposure to leading threat intelligence and security technologies, access to dedicated labs and proprietary TI/IOC platforms, and opportunities for training, certification, and collaboration across the wider Security Operations team.

Key Responsibilities

Deliver
  • Conduct deep-dive analysis of threat campaigns and intrusions using internal telemetry, external intelligence, and Nomios's proprietary TI/IOC platforms to assess attacker intent, capability, and likely next steps.

  • Enrich investigations using commercial and open-source intelligence to improve confidence and precision.

  • Reconstruct attack paths across endpoint, identity, network, and cloud environments to identify detection gaps, choke points, and lateral movement routes.

  • Build and maintain high-fidelity IOCs, behavioural analytics, and watchlists for SIEM, XDR, SOAR, and VOC tooling, with clear context and confidence.

  • Curate and refine IOC collection from multiple sources, ensuring coverage, quality, and de-duplication.

  • Apply data analytics techniques to uncover non-obvious relationships and communicate findings clearly through visuals and narrative.

  • Produce concise, opinionated intelligence reports with practical recommendations.

Collaborate
  • Work closely with SOC Engineering and Operations to operationalise high-value IOCs, detections, and hunt leads.

  • Partner with VOC to link vulnerabilities to real-world adversary use and practical attack paths.

  • Represent the "threat voice" in customer briefings, translating adversary behaviour into clear, risk-focused insights for technical and executive audiences.

  • Inform and shape TI collection priorities based on investigative findings and emerging gaps.

Improve
  • Identify and implement automation for collection, enrichment, clustering, tagging, and routing of intelligence.

  • Promote analytical rigor through clear sourcing, explicit confidence levels, and tight writing.

  • Help evolve TI & VOC lab environments by developing new workflows, pivot methods, and visualisations for understanding complex attack paths.

  • 2+ years in vulnerability/exposure management

    or 3+ years in structured technical research

    or 4+ years in analytical OSINT, research, or data analysis roles with a strong reporting component.

  • Demonstrated "analyst-first" mindset: comfortable with ambiguity, able to identify patterns, and confident articulating uncertainty and alternative hypotheses.

  • Good understanding of modern attacker tradecraft, including common intrusion routes (phishing, web entry points, identity abuse, supply chain) and how these unfold in hybrid environments.

  • Working familiarity with frameworks such as MITRE ATT&CK and the Diamond Model as analytical aids rather than checklists.

  • Experience with SIEM, XDR, EDR, or log analytics platforms, and how intelligence is translated into detections, hunts, and cases.

  • Hands-on experience with threat intelligence and OSINT platforms, with the ability to pivot across multiple datasets during investigations.

  • Strong data skills, including basic scripting and query languages to filter, manipulate, and correlate large datasets of events and indicators.

  • Clear written and verbal communication skills, able to translate technical analysis into concise, customer-ready narratives.

  • Ability to manage competing priorities under pressure while maintaining accuracy and attention to detail.

  • Eligibility for SC or DV clearance is highly desirable.

Job Specifics
  • This is a hybrid role requiring regular attendance at our Basingstoke office.

  • Full-time, Monday to Friday, 9:00am-5:30pm.

  • There is no on-call requirement for this position.

Why would you choose to come and work with us?

We invest in our people. You will get to work in a dynamic, fast-paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high calibre sales, technical, and operational experts as part of a supportive, tight-knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary along with industry-leading benefits.

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
