
Threat Intelligence Specialist to support large cybersecurity project with client in the public sector

Toronto, ON
  • Number of positions to fill: 1
  • Salary: to be discussed
  • Employment type: Contract
  • Start date: 1 position to fill as soon as possible

Location: Hamilton, ON

Onsite 2 days/week - Tues/Wed MANDATORY - the schedule will alternate between two days onsite, then three days, and back to two days, and so on.

Hours: 35hr/wk

Contract: 4 Months + extension


The Threat Intelligence Specialist is responsible for collecting, analyzing, and operationalizing cyber threat intelligence to proactively defend the organization against internal and external threats. This role integrates intelligence from open sources, dark web monitoring, commercial feeds, insider threat signals, and executive protection risks to produce actionable intelligence that enhances detection, prevention, and strategic decision-making.

The role supports Security Operations, Incident Response, Digital Forensics, Executive Protection, Risk Management, and Leadership through high-quality intelligence products and automation-driven intelligence workflows.


Core Responsibilities

1. Open Source Intelligence (OSINT) & External Monitoring

  • Conduct structured OSINT investigations across public sources including forums, social media, paste sites, code repositories, vulnerability databases, and security research publications.
  • Monitor geopolitical developments, hacktivist activity, ransomware campaigns, and sector-specific threats.
  • Track Indicators of Compromise (IOCs), threat actor infrastructure, and malware trends.
  • Maintain awareness of emerging vulnerabilities and zero-day disclosures.

2. Dark Web & Deep Web Intelligence

  • Monitor dark web marketplaces, encrypted communication platforms, data leak sites, and underground forums.
  • Identify credential exposures, data dumps, corporate impersonation, and planned attacks targeting the organization.
  • Perform safe and compliant dark web investigations using approved tools and operational security practices.
  • Escalate credible threats for investigation or response.

3. Threat Intelligence Feeds & Platform Management

  • Ingest and manage intelligence from commercial and open-source feeds.
  • Maintain Threat Intelligence Platforms (TIPs) and integrate intelligence with SIEM, EDR, SOAR, and vulnerability management systems.
  • Validate, enrich, deduplicate, and prioritize threat data.
  • Apply structured intelligence formats (e.g., STIX/TAXII) for automation and sharing.

4. Insider Threat Monitoring & Analysis

  • Support the Insider Threat Program by identifying behavioral, technical, and contextual risk indicators.
  • Analyze anomalous access patterns, data exfiltration risks, privileged account misuse, and policy violations.
  • Collaborate with HR, Legal, Privacy, and Security Operations to assess insider risk while maintaining confidentiality and compliance.
  • Develop risk scoring models and intelligence-driven insider threat reporting.

5. Digital Forensics & Incident Response Support

  • Provide intelligence context to active investigations and incident response efforts.
  • Assist Digital Forensics teams with attribution insights, threat actor profiling, and infrastructure tracking.
  • Correlate forensic artifacts with known adversary TTPs and campaigns.
  • Support post-incident analysis and lessons-learned reporting.

6. Executive Protection & Digital Risk Monitoring

  • Monitor threats directed at executives and senior leadership, including:
      • Doxxing attempts
      • Impersonation domains
      • Social media threats
      • Physical risk indicators linked to cyber intelligence
  • Provide protective intelligence reports for executive leadership.
  • Partner with Corporate Security / Physical Security teams for threat mitigation.
  • Conduct digital footprint assessments for executives.

7. Threat Analysis & Intelligence Production

  • Analyze adversary tactics, techniques, and procedures (TTPs).
  • Apply frameworks such as MITRE ATT&CK and the Diamond Model to contextualize threats.
  • Produce tactical, operational, and strategic intelligence reports.
  • Deliver executive briefings tailored to leadership and technical teams.
  • Translate complex intelligence into business risk language.

8. Automation & Intelligence Engineering

  • Develop and maintain automation workflows to:
      • Enrich IOCs
      • Correlate intelligence feeds
      • Reduce false positives
      • Streamline alert triage
  • Use scripting languages (Python, PowerShell) to automate data collection and analysis.
  • Integrate threat intelligence into SOAR platforms for automated response.
  • Continuously optimize intelligence processes through automation and analytics.
  • Support AI-assisted threat intelligence analysis where applicable.

9. Collaboration & Cross-Functional Engagement

  • Partner with SOC, Incident Response, GRC, Vulnerability Management, and IT teams.
  • Provide intelligence-driven recommendations to detection engineering teams.
  • Participate in tabletop exercises and threat simulations.
  • Contribute to enterprise risk assessments and cybersecurity strategy development.

10. Work Schedule & On-Site Requirements

  • Work schedule may include days, nights, weekends, and on-call support, particularly for maintenance activities, major incidents, or emergency response.
  • Hybrid on-site requirement of approximately 50%, typically:
      • 2 days on-site one week and 3 days on-site the following week
  • Schedule may change at any time based on operational or incident-driven requirements.

11. Soft Skills

  • Ability to translate technical and cyber concepts into financial insights
  • Strong communication and stakeholder management skills
  • Detail-oriented with strong investigative and problem-solving capabilities
  • Ability to operate in fast-paced, risk-aware technology environments

12. Capacity-Based Services

This role provides capacity-based services to the CISO organization. As such, the scope of work, priorities, and responsibilities may evolve over time to address operational needs, emerging threats, regulatory requirements, and organizational initiatives. Additional duties within the scope of the role may be assigned as required to support cybersecurity/infrastructure resilience and service continuity.


13. Tools

As a Threat Intelligence Specialist, you’ll work with a broad range of tools and platforms that support collection, analysis, automation, correlation, and dissemination of threat data across multiple sources and formats. These tools help streamline workflows, enrich data, and integrate intelligence into security operations and response systems.


Qualifications

Education & Experience

  • Bachelor’s degree in Cybersecurity, Computer Science, Intelligence Studies, or related field (or equivalent experience).
  • 10+ years in threat intelligence, cyber investigations, security operations, or related domain.

Technical Expertise

  • Strong understanding of:
      • OSINT methodologies
      • Dark web research techniques
      • Threat actor ecosystems
      • Insider threat principles
      • Digital forensics fundamentals
  • Experience with TIPs, SIEM, EDR/XDR, SOAR platforms.
  • Familiarity with MITRE ATT&CK, STIX/TAXII, Diamond Model.
  • Scripting and automation skills preferred.

Certifications (Preferred)

  • GIAC Cyber Threat Intelligence (GCTI)
  • CISSP
  • GCFA / GCFE (Forensics)
  • Certified Threat Intelligence Analyst (CTIA)
  • OSINT certifications

Key Competencies

  • Strong analytical and investigative mindset
  • Ability to work with sensitive and confidential information
  • Excellent written reporting and executive communication skills
  • High ethical standards and discretion
  • Ability to operate independently and in high-pressure environments




Disclaimer:
AI may be used in evaluating candidates.
This posting is for an existing vacancy.

Requirements

Education level

not specified

Years of experience

not specified

Written languages

not specified

Spoken languages

not specified