Threat Operations Analyst

Threat & Vulnerability Analysis

Review and analyze threats, risks, and vulnerabilities identified by CTRL and proactive detection pipelines
Validate exposed services such as RDP, SSH, databases, and edge devices using Shodan, Censys, LeakIX, and Nuclei
Evaluate security configurations to identify mitigating or compensating controls

Asset Verification & Attribution

Confirm internet-facing asset ownership using WHOIS, DNS and reverse-DNS, TLS fingerprinting, Shodan data, and OSINT techniques
Resolve attribution uncertainties to ensure customers receive notifications only for confirmed assets

Internal Collaboration & Escalation

Act as a technical escalation point for Customer Support, Underwriting, and Claims
Investigate queries related to exposed services, vulnerabilities, false positives, or disputed ownership
Provide technical input to improve processes, detection workflows, and cross-team knowledge sharing

Operational Excellence

Maintain a high standard of customer service with professional, timely communication
Assist in tuning detection logic and improving vulnerability and exposure accuracy
Support continuous improvement of CTRL intelligence capabilities and processes

Required Skills & Knowledge

Strong understanding of networking fundamentals, ports, protocols, and common services
Familiarity with cyber security concepts including CVE, CVSS, threat actor TTPs, exploitation lifecycle, and attack surfaces
Hands-on experience with internet scanning and exposure tools such as Shodan, Censys, LeakIX, and Nuclei
Ability to interpret DNS records, WHOIS data, HTTP headers, and OSINT artefacts
Skilled at translating complex technical issues into clear, customer-friendly language