Threat Operations Analyst
Threat & Vulnerability Analysis
- Review and analyse threats, risks, and vulnerabilities identified by CTRL and proactive detection pipelines
- Validate exposed services such as RDP, SSH, databases, and edge devices using Shodan, Censys, LeakIX, and Nuclei
- Evaluate security configurations to identify mitigating or compensating controls
Asset Verification & Attribution
- Confirm internet-facing asset ownership using WHOIS, DNS and reverse-DNS, TLS fingerprinting, Shodan data, and OSINT techniques
- Resolve attribution uncertainties to ensure customers receive notifications only for confirmed assets
Customer Notification & Advisory Work
- Produce clear security alerts outlining issues, affected assets, remediation guidance, and vendor references
- Communicate directly with customers and brokers to explain findings, clarify risk, and prioritise remediation
Internal Collaboration & Escalation
- Act as a technical escalation point for Customer Support, Underwriting, and Claims
- Investigate queries related to exposed services, vulnerabilities, false positives, or disputed ownership
- Provide technical input to improve processes, detection workflows, and cross-team knowledge sharing
Operational Excellence
- Maintain a high standard of customer service with professional, timely communication
- Assist in tuning detection logic and improving vulnerability and exposure accuracy
- Support continuous improvement of CTRL intelligence capabilities and processes
Required Skills & Knowledge
- Strong understanding of networking fundamentals, ports, protocols, and common services
- Familiarity with cyber security concepts including CVE, CVSS, threat actor TTPs, exploitation lifecycle, and attack surfaces
- Hands-on experience with internet scanning and exposure tools such as Shodan, Censys, LeakIX, and Nuclei
- Ability to interpret DNS records, WHOIS data, HTTP headers, and OSINT artefacts
- Skilled at translating complex technical issues into clear, customer-friendly language