Cyber Threat Intelligence (CTI) | Manager
Sydney, NSW, AU; Brisbane, QLD, AU; Canberra, ACT, AU; Melbourne, VIC, AU; Perth, WA, AU; Adelaide, SA, AU
Job Requisition ID: 40835
• Be part of market-leading projects with global scale and complexity
• Mentoring, coaching and leadership programs to help you make an impact that matters
• Reimbursements for professional development and subsidised qualifications
Be part of Deloitte’s Cyber Threat Intelligence team, help make decisions that define our strategy, drive change and provide better services for our clients. Help us do something that really matters - keep Australian people and Australian companies safe – while enjoying work and the fast-paced environment that rewards you for your efforts, encourages your ideas and recognises that work life balance is important. This position is open to any major city in Australia, with a balance between working from home and in the office.
What will your typical day look like?
Reporting to the Advance Capability Lead, your role will be situated within Deloitte’s Cyber Intelligence Centre (CIC), and you will provide support to the Security Operations Centre (SOC) and Digital Forensics and Incident Response (DFIR) teams. Our mandate is to analyse the data and create actionable intelligence for the SOC, IR and our Clients.
This role fills two critical functions in Deloitte’s Cyber Threat Intelligence capability.
- Threat Monitoring – Your role plays a vital part in the proactive monitoring and alerting of threats to our clients. Through collection of Open-Source Intelligence (OSINT), Threat Feeds and reports, you will assess and identify emerging threats that wish to do harm to our clients.
- Analysis and Reporting – Deloitte Cyber is a threat intel-led organisation and your actionable reports on threat actors, their tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) will help lead and shape detection, investigation and incident teams within Deloitte.
You will be expected to:
- Deliver actionable strategic, tactical and operational intelligence for various internal and external stakeholders across cyber, technical and non-technical.
- Analyse TTPs of threat actors and their motivations and capability.
- Monitor and assess the evolving threat landscape, providing updates, strategic and operational insights as well as tactical reporting.
- Prepare Cyber Threat Intelligence reports detailing new and modified TTPs, Indicators of Attack (IOA) and IOCs, as well as recommendations to reduce the likelihood of attack.
- Prepare Cyber Threat Intelligence Briefs on trends or sector-based threats relevant to internal and external stakeholders.
- Present intelligence reports and briefs to external stakeholders.
- Provide support to SOC and DFIR investigations through TTP, IOA, IOC and summarised reports.
- Mentor and support the growth and development of junior colleagues, graduates and vacationers.
Enough about us, let's talk about you.
You may have all or some of the following skills / experiences:
- Strong understanding of cyber threats, vulnerabilities, and adversary tactics in Australia and Asia Pacific (including the MITRE ATT&CK frameworks).
- Knowledge of cybersecurity principles and business operations relevant to customer organisations.
- Familiarity with cyber operations activities such as footprinting, scanning, enumeration, and penetration testing.
- Experience with intelligence platforms (e.g., MISP, OpenCTI), including configuration and deployment.
- Proficiency in reporting, dissemination, and information-sharing procedures.
- Understanding of authentication, authorisation, and access control methods.
- Knowledge of forensics tools and applications (e.g., Volatility, Registry Recon, Wireshark).
- Demonstrated ability to analyse threat environments across ICS, cloud, and on-premise infrastructure.
- Familiarity with attack classes and operational threat environments (passive, active, insider, distribution).
- Skills in metadata extraction, analysis, and utilisation.
- Knowledge of incident categories and response timelines.
- Understanding of malware analysis concepts and methodologies.
- Experience with security event correlation tools.
- Familiarity with server and client operating systems, diagnostics, and fault identification.
- Awareness of social dynamics and global context of cyber attackers.
- Understanding of digital forensics data types and threat/target systems.
Why Deloitte?
At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.
We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.
We value in-person connection with our clients and our colleagues. We offer several ways for you to work flexibly so that you can serve your clients, stay connected with your team, and manage your personal priorities.
We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.
Next Steps
Sound like the sort of role for you? Apply now, we’d love to hear from you!
By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.