
S-RM · London
Who we are S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of...
Who we are
S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the
world solve some of their toughest information security challenges.
We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who
want to think critically, solve complex problems, and achieve success.
But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this
culture and we invest in our people’s wellbeing, learning, and ideas every day.
We’re excited you’re thinking about joining us
Working in Cyber at S-RM
Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Incident Response
and Managed Services practices are in more demand than ever.
We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on
hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk
to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team
will always have your back.
We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical
specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and
expertise to help you learn and grow.
If that sounds like your kind of team, we’d like to hear from you.
The role
Cyber Threat Intelligence (CTI) is an integral part of S-RM's Managed Services practice. As a CTI Analyst, you will work closely
with the Global Cyber Threat Intelligence Lead and Customer Success Managers to deliver high-value intelligence services to
web sources, and set up and deliver regular monitoring engagements for clients.
open-source intelligence across a growing portfolio of managed intelligence offerings.
and drafting client-facing reports.
techniques.
grow the practice.
Beyond these core responsibilities, you will be expected to stay current with threat intelligence developments and collaborate
closely with S-RM's Incident Response and Risk & Resilience teams where CTI adds value to their engagements. You will also work
alongside the Managed Detection and Response (MDR) and Attack Surface Management (ASM) teams to ensure unified service delivery
across all managed service offerings.
This role offers the opportunity to shape the development of S-RM's CTI services — working with the practice lead, managed service
teams, and technical development teams to identify opportunities for innovation and improvement. We will actively support your
professional growth, including opportunities to develop and share domain expertise through internal initiatives.
What we're looking for
Candidates with the following qualifications and experience are likely to succeed as Cyber Threat Intelligence Analysts at S-RM.
That said, if you don't think you meet all of the criteria below but are still interested in the role, please apply. Nobody checks
every box — we're looking for candidates who are particularly strong in a few areas and have some interest and capability in
others.
We nurture a culture of equality, diversity, and inclusion, and are dedicated to developing a workforce that reflects a variety of
talents, experiences, and perspectives.
reports. Candidates should be prepared to demonstrate strong writing ability (e.g., via a writing sample or assessment).
information, and to assess the credibility, reliability, and relevance of sources and data.
sources.
security terminology, and general threat actor motivations.
between tactical, operational, and strategic intelligence outputs.
as well as broader geopolitical, industry-specific, or emerging threats.
Science, International Relations or Security Studies, Intelligence Studies, Criminology, Cybersecurity, Data Science, or
related fields.
Shodan, Maltego, or similar tools) to collect, enrich, and analyse threat data from open, deep, and dark web sources.
actors communicate and operate in these spaces.
mitigations.
of widely-used frameworks such as MITRE ATT&CK, the Diamond Model, or the Cyber Kill Chain.
delivery, or a demonstrated willingness to develop this skill.
other languages relevant to cyber threat actor communities.
Successful candidates are likely to show the following personal attributes:
Relevant industry certifications are not required for this role. However, we value evidence of continued learning. The following
Participation in OSINT competitions (e.g., Trace Labs Search Party CTF) or contributions to open source research communities are
also welcomed as evidence of practical skill development.
Candidates must have permission to work in the UK by the start of their employment
Our benefits
We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside of work. This
total);yes
The application process
We want to get to know you, and for you to get to know us, to see if we’d be a good fit. We are responsive and respectful of
To apply for this role, please submit a tailored cover letter and CV to: Job Application for Analyst, Cyber Threat Intelligence at
Vill du värna om Sverige och vår rätt att leva som vi själva väljer i en digitaliserad värld? Attacker över internet mot datorer och servrar sker världen över i allt större omfattning. Effekterna av en cyberattack kan få lika stora konsekvenser för samhällsviktiga funktioner som ett konventionellt väpnat angrepp. Försvarsmakten är en organisation i ständig utveckling för att alltid vara beredda att värna Sveriges okränkbara frihet. Vi är beredda att göra det som krävs, även i de svåraste av situationer. För att stärka vårt cyberförsvar söker Försvarsmakten nu tekniskt kunniga analytiker med genuint intresse av underrättelsetjänst. Vi söker dig som har viljan att aktivt bidra till Sveriges förmåga och fortsatta utveckling av cyberförsvarets analysarbete. Om befattningen Förmågan hos dagens hotaktörer inom cyberdomänen kräver ett modernt och innovativt analysarbete. Därför söker vi dig med erfarenhet och kompetens av analysarbete inom cyber. Med din kompetens och erfarenhet kommer du bidra till att förstå hur främmande makt genomför sina cyberoperationer. Du kommer att applicera principer och metoder inom analys för att producera underlag som kommer ligga till grund för kommande operationsplanering och beslut. I denna roll kommer du att ha inflytande över verksamhetens arbetsmetodik och vara med och påverka hur vi tar oss an våra uppgifter. Dina huvudsakliga arbetsuppgifter: upprätthålla kunskap om kvalificerade hotaktörer och sårbarheter bedriva inhämtning och omvärldsbevakning inom eget ansvarsområde bearbeta och strukturera information från stora datavolymer producera och delge aktuella analyser/beslutsunderlag med ett kvalificerat tekniskt djup rörande exempelvis sårbarheter och TTP:er inom funktionsområdet vidareutveckla metoder, verktyg och tekniker Kvalifikationer Officer (OF 1-3), specialistofficer (OR 6–8), för oss relevant civil högskoleutbildning eller motsvarande kunskaper förvärvade genom relevant arbetslivserfarenhet. Minst 1 års arbetslivserfarenhet av arbete i likvärdig roll. Erfarenhet inom cybersäkerhet, datornätverk, operativsystem, logganalys. Erfarenhet av extrahering, strukturering och analys av information. God förmåga att uttrycka dig i tal och skrift på svenska och engelska. Meriterande Dokumenterad erfarenhet av arbete inom Cyber Threat Intelligence, CTI. Erfarenhet av scriptning eller programmering. Erfarenhet av arbete inom t.ex. underrättelse- och säkerhetstjänst, brottsutredande myndighet eller en CERT. Kunskaper i andra språk utöver svenska och engelska. Personliga kvalifikationer För att lyckas i rollen krävs det att du är ansvarstagande och tar initiativ för att uppnå resultat. Vi ser också att du har en stark integritet, är lyhörd och arbetar med precision. Du är analytisk och genuint intresserad av cyberdomänen och omvärlden. Du kan på ett naturligt sätt växla mellan att arbeta i grupp och självständigt. Du är nyfiken, prestigelös och självgående utifrån vad situationen kräver och möjliggör. För att trivas behöver du ha ett högt säkerhetsmedvetande och tillämpa ett kritiskt och sakligt förhållningssätt i ditt arbete. Övrigt Du bör inte berätta att du sökt tjänst hos Försvarsmakten för andra personer än dina närmst berörda. Anledningen till att vi ber dig vara återhållsam med information är att det finns tjänster inom området som omfattas av sekretess. För anställning vid Försvarsmakten krävs svenskt medborgarskap och anställningen innebär nationell och internationell arbetsskyldighet. Arbete på annan ort samt beredskap och skiftarbete kan förekomma. Resor i tjänsten kan förekomma både nationellt och internationellt. Anställningsformen är tillsvidareanställning som inleds med sex månaders provanställning om du inte är anställd inom Försvarsmakten. Placeringsort för tjänsten är Stockholm. Tillträde sker enligt överenskommelse. Frågor om tjänsten mejlas till cyberintresse@mil.se Din ansökan vill vi ha senast 2/8 - 2026, ansökan med meritförteckning skickas till: cyberintresse@mil.se, ange referens 17435. Eller via brev till Försvarsmakten Högkvarteret/FST STRA Cyber, Att EWI, Lidingövägen 24, 107 85 Stockholm. Märk kuvertet "Ansökan" och ange annonsens referens. Ansökningar till denna befattning kommer endast tas emot via Försvarsmaktens webbplats. Information om det rekryterande förbandet: I Högkvarteret finns överbefälhavaren och generaldirektören. Högkvarteret har ungefär 1 000 medarbetare – både yrkesofficerare och civila experter. Högkvarteret utgörs från 2023-01-01 av försvarsstaben, operationsledningen, militära underrättelse- och säkerhetstjänsten, samt Högkvarterets stabsavdelning och fristående enheter för tillsyn. En anställning hos oss innebär placering i säkerhetsklass. Vanligtvis krävs svenskt medborgarskap. Säkerhetsprövning med registerkontroll kommer att genomföras före anställning enligt 3 kap i säkerhetsskyddslagen. Med anställning följer en skyldighet att krigsplaceras. I anställningen ingår även en skyldighet att tjänstgöra utomlands. Innebörden av detta varierar beroende på typ av befattning. Till ansökan om anställning ska CV och personligt brev bifogas. Om du går vidare i anställningsprocessen ska alltid vidimerade kopior av betyg och intyg uppvisas. Samtal från externa rekryteringsföretag och säljare undanbedes.
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Threat Intelligence Engineer is responsible for engineering, operating, and continuously improving WPP’s cyber threat intelligence platforms, integrations, and enrichment pipelines. This role focuses on how threat intelligence is ingested, processed, correlated, and operationalised at scale across security operations. The position is an engineering-led individual contributor role with no people management responsibilities. What you'll be doing: * Engineer and maintain threat intelligence platforms and data sources. * Design ingestion pipelines for external, internal, and open-source intelligence feeds. * Maintain centralised repositories for indicators, threat actor artefacts, and metadata. * Integrate threat intelligence into SIEM, SOAR, EDR/XDR, email, identity, and cloud tooling. * Build enrichment pipelines linking incidents to threat actors, campaigns, and TTPs. * Partner with Automation Engineering to ensure intelligence is automation-first. * Provide engineered intelligence support to Incident Response during active incidents. * Enable Detection Engineering and Threat Hunting with structured intelligence outputs. * Support Vulnerability Management with intelligence on actively exploited vulnerabilities. * Build automation hooks between CTI platforms and SOAR workflows. * Enable safe, explainable intelligence use for agentic and automated decision support. * Improve intelligence delivery speed, accuracy, and signal-to-noise ratio. * Define and maintain engineering standards for CTI integrations. * Monitor feed efficacy and deprecate low-value intelligence sources. * Support audits, assurance, and documentation activities related to CTI. What you'll need: * Experience engineering or operating enterprise threat intelligence platforms. * Hands-on experience integrating CTI with SIEM, SOAR, or EDR/XDR. * Strong capability in APIs, data transformation, enrichment logic, and automation. * Solid understanding of threat intelligence concepts and operationalisation. * Experience with Google Threat Intelligence, Recorded Future, or similar platforms. * Familiarity with MITRE ATT&CK and threat-led detection models. * Experience supporting incident response or detection engineering teams. * Relevant certifications (GCTI, GCIA, GCED, cloud security certifications). * Fluent in written and spoken English. Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
SENIOR CYBERSECURITY CONSULTANT (SOC), KUALA LUMPUR WHO WE ARE S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. We’re excited you’re thinking about joining us. WORKING IN CYBER AT S-RM Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services, Risk & Resilience, and Incident Response practices are in more demand than ever. We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow. If that sounds like your kind of team, we’d like to hear from you. THE ROLE Our Security Operations Centre is a critical part of our Cybersecurity division’s success. As a Senior Cybersecurity Consultant (SOC), you will add your cybersecurity expertise in a vital delivery role to our managed detection and response services. In this role, you will leverage the infrastructure and tools that power our Security Operations Centre (SOC) to deliver desired security outcomes for our managed services clients, with a particular focus on those in the APAC region. The ideal candidate will be highly proficient in using security platforms such as SIEM, SOAR, EDR, and other advanced security technologies. You will have experience leading other analysts or sub-teams in a SOC environment and be comfortable acting as a point of escalation. As an Associate, you will be responsible for high-level incident management, process improvement, and mentoring junior analysts. You will also take on formal line management responsibility for our SOC team based in Kuala Lumpur, overseeing their day-to-day performance, development, and wellbeing. This hybrid role involves both remote work and some in-office presence for collaboration, teamwork and development projects. In APAC we have office premises in Hong Kong, Singapore and Malaysia. Delivery * Cyber-Security Operations: Contribute to day-to-day SOC team-related activities, ensuring efficient monitoring, detection, and response to security threats across our clients’ estates. * Line Management: Manage the SOC analyst team in our Kuala Lumpur office, including conducting regular one-to-ones, performance reviews, and development planning; managing shift scheduling and resourcing; and acting as the first point of contact for team escalations and welfare. * Monitor Security Events: Continuously monitor and analyse security alerts from EDR, SIEM and other security tools to detect suspicious activities or potential threats. * Incident Response: Conduct investigations and respond to security incidents, executing containment, mitigation, and remediation steps as necessary. * Threat Detection: Use expertise to tune detection rules, automate workflows, and improve incident detection accuracy. * Log Analysis: Perform in-depth log analysis from firewalls, endpoint protection platforms, and other solutions to investigate complex incidents. * Incident Reporting and Documentation: Ensure all incidents are thoroughly documented, including timelines, analysis, mitigation steps, and lessons learned, and deliver regular reports to stakeholders. * Global Delivery Role: Act as second line escalation and support to the on-shift SOC Analysts in our 24x7 SOC team. * APAC Regional Client Focus: Support onboarding and service request activity for our regional MDR clients. * Threat Hunting: Proactively search for indicators of compromise (IoCs) and advanced threats within the environment, utilising both automated tools and manual analysis. * Threat Intelligence: Stay up to date on the latest cybersecurity threats, vulnerabilities, and attack techniques, and integrate threat intelligence into detection and response efforts. * Team Development: Provide guidance and mentorship to junior SOC analysts, fostering skill development and ensuring adherence to security best practices. Growth of the service * Continuous Improvement: Collaborate with the SOC team to develop and implement SOC strategies, improve processes, and introduce new technologies to strengthen our clients’ security posture. * Collaboration: Collaborate with SOC analysts, security engineers, and IT teams to ensure seamless operation of security tools and alignment with broader cybersecurity practices. * Security Enhancements: Identify areas for improvement in security monitoring and response capabilities, proposing and assist with implementing new solutions where appropriate. * New Clients: Our MDR service is growing quickly, you will be assisting with onboarding and configuring SOC services and technology for new customers. * Collaborating with Global Teams: Work closely with other cyber security service lines to ensure seamless integration of SOC operations with our broader cybersecurity initiatives and business units, especially Incident Response. * Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives, enhancing our tools, processes, and overall incident response capabilities. WHAT WE’RE LOOKING FOR Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM. That said, if you don’t think you meet all the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest, capabilities and willingness to learn in others. We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. We’re looking for: * Qualifications: A Bachelors or Masters degree in a relevant subject, for example cybersecurity, computer science; relevant industry certifications are advantageous, including any of the following or evidence of working towards attaining these: Blue Team, CISSP, Security+. * Experience: 3+ years of experience in a SOC or cybersecurity operations role, with demonstrated team leadership / supervisory experience. * Technical Expertise: Strong understanding of EDR and Secops toolsets - with experience configuring and leveraging these tools for incident detection and response. * Leadership: Proven line management experience, ideally within a SOC environment, including performance management, coaching, and developing analysts at different career stages; good communication and team-building skills. * Customer Minded: We put our clients at the heart of everything we do, going the extra mile for them will be second nature to you. You should be comfortable in client facing situations and able to discuss cybersecurity issues in customer-friendly language. * Approach: An investigative mindset. You should be comfortable solving problems with limited information and guidance and be curious to learn. * Reliability: Our customers depend on us to manage their security and provide cyber-resilience; you must be dependable. * Personal Interest: Some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and interest in cybersecurity matters, security monitoring and threat detection techniques.. * Communication: Clear and concise communication skills, with the ability to work effectively across teams; you should be able to communicate your technical findings for a non-technical audience in a professional setting. Able to vet and quality assure incident reports and summaries. The successful candidate must have permission to work in Malaysia by the start of their employment. To apply for this role, please submit an up-to-date CV through this link: Job Application for Senior Cybersecurity Consultant (SOC) at S-RM