2 Threat Intel Jobs

1 Role title: Cyber Security Architect Grade Required Qualifications Advanced degree in Computer Science 5+ years of cyber security engineering experience Any of the following: CISSP, CISM, CEH along with Azure, GCP or AWS certifications Experience with security tools and technologies (e.g., firewalls, IPS, Email Security, SOAR, Threat Intel, SIEM, DLP, EDR, encryption, etc.). Experience in global manufacturing, pharma, and/or a life sciences company Summary of Role Duration Key responsibilities Required skills The Security Architect role is a pivotal position within the Cyber Security Office, reporting directly to the Security Architecture Lead. This role offers an exciting opportunity to collaborate with cross-functional teams from IT, Cyber Security, and Business Units to architect and design robust security solutions that effectively protect organisation's enterprise networks from evolving cyber threats. As an individual contributor, you will focus on strategic design and innovation, ensuring that our security strategies align with industry standards and best practices such as TOGAF, SABSA, Purdue, and NIST frameworks. This role is designed for individuals who are passionate about cybersecurity, possess strong expertise in security, and are eager to make a significant impact on organisation's security posture Drive the strategic design and implementation of innovative security solutions and controls Stay at the forefront of industry standards, regulations, and best practices related to IT and OT security, ensuring continuous improvement Generate comprehensive documentation, certification, and testing protocols for the deployment of new security solutions Continuously monitor and analyze current cybersecurity threats, trends, and emerging technologies to inform strategic security initiatives Work closely with engineering and architecture teams to ensure security requirements are integrated into all phases of the system development lifecycle Define and implement advanced security configurations, policies, and procedures for IT and OT assets and systems Effectively communicate with stakeholders at all levels, translating complex technical concepts into actionable security strategies Support the development and implementation of security architectures across various domains, including data security, AI, cloud, network security, monitoring detection and response, threat, risk, vulnerability asset and configuration management, and platform security Conduct security assessments and gap analyses to identify and mitigate security risks Provide technical guidance and mentorship to security engineers and other team members Perform assessments of capabilities and tools to ensure alignment with GSK business and security needs Assist with product Proof of Concept (POC) evaluations to validate security solutions Create and execute test plans to rigorously evaluate security controls and document results to provide unbiased outcomes that demonstrate alignment with GSK business and security needs in a seamless manner Proven experience in developing security strategies and reference architectures Familiarity with TOGAF, SABSA, or Purdue Enterprise Reference Architecture Experience in designing and deploying network security controls and solutions Extensive knowledge of security technologies, including encryption, authentication, authorization, security protocols, data and privacy, AI/ML, and application development Strong communication and interpersonal skills, ability to effectively manage stakeholders Proficiency in writing, developing, and maintaining technical documentation, including security standards, strategies, and implementation plans Ability to prioritize and filter actions to focus on those with significant impact on the program Capability to work with multiple stakeholders to promote practical solutions to complex security problems Excellent problem-solving and analytical skills, with the ability to work under pressure Hands-on experience in at least three of the following security domains: data security, AI, cloud, network security, monitoring detection and response, threat, risk, vulnerability asset and configuration management, or platform security Experience with threat modeling and risk assessment methodologies Experience in security automation and orchestration Knowledge of AI and machine learning security considerations Understanding of regulatory requirements/industry standards (e.g., GDPR, HIPAA, PCI)

Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments. Key Responsibilities: Monitoring, Investigation & Triage Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR Identify lateral movement, C2 activity, and data exfiltration Lead incident investigations and initiate containment measures Threat Hunting & Detection Engineering Proactive hunting using logs, flow data, and behavior analytics Apply MITRE ATT&CK for hypothesis-driven hunts Develop, test, and optimize custom detection rules Maintain a backlog aligned with emerging threats Tool Proficienc y SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization EDR: Defender for Endpoint binary/process analysis, endpoint containment NDR: Darktrace/LinkShadow behavioral baselining, detection logic SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender Threat Intelligence Integration IOC/TTP enrichment Threat intel feed integration Contextual alert correlation Reporting & RCA Draft technical incident reports and RCAs Executive-level summaries for major incidents Cloud Security (Optional): Investigate alerts like impossible travel, app consent abuse Respond to cloud-native security incidents using Defender for Cloud, MCAS Create advanced SOAR workflows and playbook Tool Familiarity QRadar Microsoft Sentinel Microsoft Defender for Endpoint LinkShadow or Darktrace EOP/Exchange protection Antivirus platforms Defender for Identity / Defender for Cloud Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR) Network forensic tools like Wireshark / Zeek Certifications (Preferred): GCIH / GCIA / CEH Microsoft SC-200 / SC-100 QRadar Admin or equivalent Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents Soft Skills: Strong analytical and documentation skills Proactive communicator Independent problem-solver and critical thinker