Threat Operations Analyst
Threat & Vulnerability Analysis
· Review and analyse threats, risks, and vulnerabilities identified by CTRL and proactive detection pipelines
· Validate exposed services such as RDP, SSH, databases, and edge devices using Shodan, Censys, LeakIX, and Nuclei
· Evaluate security configurations to identify mitigating or compensating controls
Asset Verification & Attribution
· Confirm internet-facing asset ownership using WHOIS, DNS and reverse-DNS, TLS fingerprinting, Shodan data, and OSINT techniques
· Resolve attribution uncertainties to ensure customers receive notifications only for confirmed assets
Customer Notification & Advisory Work
· Produce clear security alerts outlining issues, affected assets, remediation guidance, and vendor references
· Communicate directly with customers and brokers to explain findings, clarify risk, and prioritise remediation
Internal Collaboration & Escalation
· Act as a technical escalation point for Customer Support, Underwriting, and Claims
· Investigate queries related to exposed services, vulnerabilities, false positives, or disputed ownership
· Provide technical input to improve processes, detection workflows, and cross-team knowledge sharing
Operational Excellence
· Maintain a high standard of customer service with professional, timely communication
· Assist in tuning detection logic and improving vulnerability and exposure accuracy
· Support continuous improvement of CTRL intelligence capabilities and processes
Required Skills & Knowledge
· Strong understanding of networking fundamentals, ports, protocols, and common services
· Familiarity with cyber security concepts including CVE, CVSS, threat actor TTPs, exploitation lifecycle, and attack surfaces
· Hands-on experience with internet scanning and exposure tools such as Shodan, Censys, LeakIX, and Nuclei
· Ability to interpret DNS records, WHOIS data, HTTP headers, and OSINT artefacts
· Skilled at translating complex technical issues into clear, customer-friendly language