Lead, IT Threat Intelligence

Job summary:

Leads IT threat intelligence operations by gathering, analyzing, and operationalizing threat data to inform security strategies and defense mechanisms. Provides contextualized intelligence to support proactive risk mitigation, incident response, and vulnerability management. Collaborates with TAQA SOC, TAQA Group IT Security, TAQA Transmission, and external partners to ensure continuous visibility of the evolving threat landscape. Plays a critical role in enhancing the organization's situational awareness, anticipating cyber risks, and preventing successful targeted attacks.

Key Responsibilities:

Threat Intelligence Analysis

• Collect, analyze, and aggregate data from internal systems, threat feeds, open-source intelligence (OSINT), commercial sources, and government advisories to build a comprehensive threat picture.
• Track threat actor behaviors, malware trends, tactics/techniques/procedures (TTPs), and vulnerabilities relevant to the organization's industry and technology landscape.
• Produce structured threat profiles, indicators of compromise (IOCs), and threat models aligned with organizational risk priorities.
• Collaborate with Infrastructure, Endpoint, and Vulnerability Management Leads to provide relevant threat intelligence inputs that inform infrastructure defense, endpoint protection strategies, and vulnerability prioritization.

Operationalization & Defense Integration

• Translate raw threat data into actionable intelligence to enhance detection rules, hardening measures, and SOC alerts.
• Provide timely threat briefings, technical advisories, and strategic recommendations to IT security, infrastructure, and leadership teams.
• Collaborate with the SOC, vulnerability management, and endpoint security teams to ensure intelligence informs prioritization of response and control enhancements.
• Support refinement of security monitoring use cases and detection logic based on threat intelligence insights.

Collaboration & Incident Support

• Support the Security Incident Lead during incident investigation and response by providing contextual intelligence on threat actors, tools, and attack vectors.
• Coordinate with internal stakeholders to gather telemetry, enrich threat data, and validate threat hypotheses.
• Engage with law enforcement, industry sharing communities, and external threat intelligence partners to obtain timely and relevant threat data.

Compliance, Documentation & Governance

• Maintain updated threat intelligence documentation, threat models, intelligence reports, and dissemination logs.
• Ensure all intelligence activities align with applicable regulatory requirements, internal policies, and information-sharing guidelines.
• Provide evidence and reporting to support audits, incident reviews, and risk assessments.

Monitoring, Reporting & Continuous Improvement

• Define and maintain KPIs related to threat feed utilization, threat reporting cycles, and intelligence-to-action timelines.
• Conduct periodic assessments of threat intelligence relevance, accuracy, and timeliness to enhance its strategic and operational value.
• Identify gaps in visibility or data coverage and recommend new sources, tools, or partnerships.
• Contribute to the continuous improvement of the threat intelligence lifecycle and threat-informed defense strategies.

Technology and Industry Trends

• Monitor evolving cyber threats, adversary capabilities, and attack campaigns targeting similar sectors and geographies.
• Stay current with advancements in threat intelligence platforms, data enrichment techniques, and intelligence-sharing protocols.
• Collaborate with TAQA Group, sector entities, external partners, and research communities to exchange threat intelligence and best practices.
• Benchmark organizational threat intelligence maturity against industry standards and suggest improvements to remain proactive and agile.

Policy, Procedures, Process and Systems

• Follow the operational strategy in compliance with group delegation of authority policy.
• Ensure the compliance of organization’s policy, systems, processes, procedures, and controls in line with group delegation of authority policy so that all relevant procedural/legislative requirements are fulfilled while delivering a quality, cost-effective service in a consistent manner.

Reporting

• Ensure that all reports are completed timely and comply with the business and organization’s policies and standards.
• Manage the preparation of periodical management reports and progress reports to keep the business senior management informed about the progress of various initiatives and to facilitate decision-making.
• Comply with organization’s requirements in a timely manner.

People Management Responsibilities:

• Learning and Development
• Actively participate in mentorship and professional development activities for team members.
• Participate in talent development programs aimed at enhancing skills and supporting career progression.
• Contribute to a team culture that is connected to the organization's larger purpose.

• Culture
• Uphold and promote the organization's values within the team. Foster a collaborative and innovative work environment through active participation and support.
• Drive a culture of continuous improvement and innovation, encouraging the team to adopt best practices.

• Communication
• Support informed decision-making within the team. Contribute to clear and effective communication, ensuring alignment with organizational objectives and facilitating smooth information flow up and down the chain.

HSE, Security, and Risk Protocols Responsibilities:

• The Employee shall adhere to all the HSE, Security and Risk Management Rules & Procedures communicated by the company, including:
• Taking reasonable care of their own health, safety, and security.
• Taking reasonable care of the health, safety and security of persons that may be affected by their acts or omissions at work.
• Co-operate with their employer with respect to any instruction and/or actions taken by the employer to protect the employee and/ or comply with HSE and security requirements.
• Report to their immediate line manager any situation which they have reason to believe could present a risk, hazard, or issue to an individual or the company and which they cannot correct themselves.
• Report all HSE and security incidents and work-related injuries.
• Not intentionally or recklessly interfere with or misuse anything provided at the workplace that supports the interest of HSE, security and welfare.

Behavioral

• Strategic Thinking and Planning
• Leadership and People Management
• Communication and Stakeholder Management
• Problem-solving and Decision-making
• Adaptability and Continuous Learning

Technical (based on SFIA framework v9)

• Information Security (SCTY)
• Risk Management (BURM)
• Network support (NTAS)
• Configuration Management (CFMG)
• Infrastructure design (IFDN)
• Incident Management (USUP)
• Threat Intelligence (THIN)
• Information and data compliance (PEDP)
• System Integration and Build (SINT)

Essential Requirements

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

Experience

• Minimum of 5–7 years of experience in cybersecurity, with at least 3 years in threat intelligence.
• Strong understanding of threat actor tactics, malware analysis, IOCs, and global threat landscapes.
• Experience with threat intelligence platforms (TIPs), SIEMs, and intelligence enrichment tools.

Desired Requirements

Qualifications

• Master’s degree in Cybersecurity, Information Technology, or a related field.

Experience

• Minimum of 8–10 years of relevant experience with demonstrated leadership in threat intelligence operations.
• Certifications such as GIAC Cyber Threat Intelligence (GCTI), CISSP, or equivalent.
• Familiarity with threat intelligence frameworks and UAE-specific cybersecurity guidelines.