Threat Intelligence Analyst
4 hours ago
Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible.
Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world.
No matter what moment of life we are in, we are DIVERSE in age, gender, nationality, family… We have been certified in Diversity and as an ETHICAL company for more than 9 years in a row.
It doesn't matter if you are living your growth stage in life, LEARNING and TRAINING at all hours, or if you need to consolidate yourself and appreciate FLEXIBILITY, CONCILIATION and tax and social BENEFITS to combine your personal and professional life. What really matters is that you can feel that you are WHERE YOU SHOULD BE to get the future you want.
What will you do in the project?
Threat Intelligence Analyst L2
We are looking for a system admin engineer with skills in:
At least 3 years of real Threat Hunting/Threat Intelligence experience.
A hybrid profile between Threat Hunting and Threat Intelligence Analyst with over 12 months of experience in cybersecurity operations, specializing in proactively looking for signs of attackers inside an organization’s environment—before alerts, incidents, or damage occur. Unlike traditional security roles that react to alarms, threat hunters assume compromise and actively search for hidden or stealthy threats.
A Threat Hunting Analyst must focus on searching for malicious behaviour that automated tools may miss, using human intuition, context, and hypotheses rather than waiting for alerts, in order to find advanced, persistent, and stealthy attackers.
Adept at monitoring the evolving threat landscape and identifying potential risks to the organization by leveraging a variety of open-source intelligence (OSINT) tools, proprietary threat intelligence platforms (TIPs), and commercial feeds. This role must provide deep insights into identifying Indicators of Compromise (IoCs), analysing adversary tactics, techniques, and procedures (TTPs), and working in close collaboration with Security Operations Centres (SOC) and Incident Response teams to ensure timely detection and response to potential threats.
Key responsibilities
- Proactively conduct threat hunts to identify malicious activity that bypassed automated detections, reducing attacker dwell time
- Develop hypothesis-driven hunts based on adversary tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK framework
- Analyse endpoint, network, authentication, and log telemetry to detect indicators of compromise (IOCs) and anomalous behaviour
- Investigate suspicious activity involving credential misuse, lateral movement, persistence mechanisms, and living-off-the-land techniques
- Correlate data across SIEM, EDR/XDR, and network security tools to validate potential threats and scope impact
- Leverage threat intelligence reports and internal telemetry to identify emerging attacker behaviours relevant to the environment
- Threat Intelligence Gathering & Analysis: Collect, evaluate, and analyse cyber threat data from various sources, including open-source, commercial, and internal threat feeds.
- Provide relevant intelligence reports to key stakeholders.
- Threat Reporting & Dissemination: Generate timely and actionable intelligence reports that outline emerging threats, vulnerabilities, and mitigation strategies. Maintain up-to-date threat landscape briefings for SOCs and Incident Response teams.
- Support to Incident Response: Assist Incident Response teams by providing intelligence on Indicators of Compromise (IoCs), threat actors, tactics, techniques, and procedures (TTPs) observed in real-time events or historical incidents.
- Tactical Threat Analysis: Identify patterns and trends in threat data to predict future attack vectors and recommend security improvements to the organization.
- Maintaining Threat Intelligence Platforms: Operate, manage, and enhance the organization’s threat intelligence platforms (e.g., ThreatConnect, Anomali, Recorded Future) to optimize data collection and analysis.
- Escalate confirmed malicious activity to incident response teams with detailed findings, timelines, and supporting evidence
- Support incident investigations by providing root cause analysis and attacker activity reconstruction
- Identify detection and logging gaps and collaborate with detection engineering teams to improve alert coverage and visibility
- Tune existing security detections to reduce false positives and improve signal quality
- Document hunt methodologies, findings, and lessons learned to enable repeatable and scalable threat hunting processes
- Collaborate with SOC analysts, incident responders, and infrastructure teams to improve overall security posture
Technical Skills
- Windows, Linux, and macOS internals
- Networking fundamentals
- Malware behaviour
- Scripting and automation
- Security Information & Event Management (SIEM): Familiarity with SIEM tools (e.g., Splunk, QRadar) for correlating threat data with security events.
- Cyber Threat Intelligence (CTI) Frameworks: Knowledge of key threat intelligence frameworks such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, and Diamond Model.
- Malware Analysis & Reverse Engineering: Basic understanding of malware analysis techniques, including static and dynamic analysis to identify IoCs.
- Threat Research & Open-Source Intelligence (OSINT): Proficiency in gathering intelligence from open-source platforms, dark web, and various threat feeds.
- Threat Intelligence Platforms (TIPs): Experience with using and integrating Threat Intelligence Platforms (e.g., MISP, Anomali, ThreatConnect) to enrich security operations.
- Network & Endpoint Forensics: Basic experience with network traffic analysis and endpoint detection tools to correlate intelligence with ongoing attacks.
- Understanding of IoCs & TTPs: Ability to identify, report, and use IoCs and TTPs within broader threat analysis
Location: Málaga / Asturias.
We are also looking for someone with strong scripting skills, high motivation and a good level of English (at least B2 spoken).
Shifts and on-call: availability to work on call, on holidays and outside business hours.
The position is mostly on site (south Madrid). It can be delivered from home one day a week.
We want someone curious, with the right mindset, ready to learn and to seek opportunities working for an important client.
We will evaluate all applications. At Capgemini we have a wide range of training (face-to-face and online), certifications, etc. Even if you do not have 100% of the previous requirements, we would love to meet you.
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fuelled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported 2022 global revenues of €22 billion.