Cyber Threat Intelligence Analyst

Description

WTW (NASDAQ: WTW) is in the business of people, risk and capital. With roots dating to 1828, our company has over 54,000 colleagues serving more than 140 countries and markets. Our values – client focus, teamwork, integrity, respect and excellence – underlie all that we do, including how we behave and interact with each other. They are part of our WTW DNA. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets, and ideas — the dynamic formula that drives business performance. Together, we unlock potential. We are located on the internet at wtwco.com

About the team:

The Information Security (InfoSec) team is responsible for protecting the organization's information, systems, and data from security threats. The team delivers security services that help identify, prevent, detect, and respond to cyber risks while supporting business and regulatory requirements. 

The Role (Cyber Threat Intelligence Analyst):

Monitor and analyse the latest threat actor tactics, techniques and procedures (TTPs), mapping them to WTW’s technology estate to understand exposure and likely attack paths.

Develop, maintain and continuously improve intelligence collection requirements and methods (including OSINT, vendor feeds and internal telemetry) to meet WTW’s evolving threat intelligence needs.

Produce clear, evidence-based assessments on cyber threats, campaigns, threat actors and relevant external incidents, translating findings into operational impact and detection opportunities.

Conduct open-source intelligence (OSINT) collection and analysis to identify emerging threats, malicious infrastructure (e.g., domains, IPs, hashes), vulnerabilities and relevant exploit activity.

Use threat intelligence platforms and analytical techniques to investigate and triage suspected security events, enriching alerts with context, attribution hypotheses and confidence levels.

Create and deliver timely written and verbal intelligence products for technical and non-technical stakeholders (e.g., briefs, alerts, executive summaries and dashboards).

Act as a subject matter expert on cyber threats, partnering with SOC, incident response and engineering teams to inform detection engineering, threat hunting and security improvements.

Support rapid response to cyber incidents by providing actionable intelligence, scoping guidance, and containment/mitigation recommendations to reduce risk and downtime.

Maintain and curate relevant indicators and reporting to help strengthen WTW’s security posture, prioritise defensive actions, and measure threat trends over time.

Qualifications

Skills & Certifications

• Experience working in a dynamic, multi-location team environment.
• Proven ability to prioritise and multitask, managing communications with multiple stakeholders in parallel.
• Understanding of complex, fast-changing IT control environments across identity and access, change management, IT operations, cybersecurity and governance.

 

Behaviours:

• Resourcefulness and organizational agility
• Problem Solving
• Delivery focused
• Strong communications and stakeholder management

 

Qualifications:

• Educated to degree level (or equivalent experience) in cyber security, computer science, intelligence analysis, or a related discipline.
• Experience operating within a global, regulated organisation (e.g., financial services), with awareness of risk, compliance and operational resilience expectations.
• Demonstrable experience producing intelligence outputs (briefs, advisories, assessments) for both technical and senior audiences.
• Strong analytical and problem-solving skills, including the ability to assess confidence, validate sources, and communicate uncertainty.
• Experience collaborating with SOC/threat hunting/incident response to turn intelligence into detections, investigations and mitigations.
• Excellent written and verbal communication skills with strong stakeholder management across multiple time zones.
• Advance level of English and Spanish (valued)
• Residence in Spain is required, with availability to work in a hybrid model and to attend the Madrid office on an occasional basis, in line with business needs.
• Candidates must have the right to work in Spain, as visa sponsorship is not available for this position.

 

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email [email protected].