Role Description As a Protective Intelligence Analyst, you will be embedded within our client’s risk and intelligence team, working remotely with flexible hours to support their security and strategic decision-making. Your main responsibilities will include: - Proactively identifying and researching potential threats. - Analysing emerging trends. - Assessing risks that could impact the client’s personnel, operations, reputation, and strategic objectives. - Applying expertise in intelligence analysis to provide actionable insights. - Advising decision-makers and helping develop strategies to mitigate risks. - Monitoring various sources of information and synthesising complex data. - Communicating findings clearly to support the client’s safety and success. This is a fully remote role based in India supporting a 24/7 function, and although the core hours are standard business hours, you will be required to work evenings, weekends, and holidays as needed. Responsibilities - Monitor all-source information to proactively identify and assess threats. - Highlight emerging trends that may impact business, productions, and talent. - Conduct detailed assessments on threat actors and maintain databases. - Support talent and executive protection details with accurate and timely information and alerting. - Provide security/threat assessments for events. - Respond to critical incidents, rapidly research and deliver information in a clear and concise format. - Conduct investigations into threat actors. Qualifications - 4 years of relevant Protective Intelligence experience in a corporate setting. - BA degree is preferred but not required if the candidate has the necessary work experience. - Advanced knowledge of open-source, social media, and public records search techniques. - Experience with threat assessment tools and structured professional judgment guides for targeted violence risk. - Strong interpersonal skills. - Clearly communicate risk to stakeholders in a concise format. - Approach cases with empathy and discretion. - Be aware of and work through cognitive biases that may impact assessment. - Proven ability to work with highly confidential information. - Demonstrated ability to complete multiple tasks simultaneously and function in a fast-paced environment with minimal supervision. - Strong analytical, oral, and written presentation skills including the ability to deliver communications centred on the target audience. - Advanced proficiency in Web-based social media platforms, search tools, productivity applications, and communication technology. - Must have existing authorisation to live and work in India. - Passionate about intelligence work, enjoys problem-solving, and is committed to delivering impactful analysis that helps protect and inform the client’s organisation. Interview Process - Initial call with our Talent Acquisition team member. - Timed written assessment (arranged at a time that suits you) to test writing and analytical capability. - Panel interview with some of the team members and hiring managers at Sibylline. - Meet and Greet with the client. Research indicates that certain groups are less likely to apply for a position unless they meet every single requirement. If you feel you meet some of the requirements and can offer a unique perspective to this role, we strongly encourage you to apply—you might be the perfect fit we're looking for! Sibylline is committed to the recruitment and selection of candidates without regard for sexual orientation, gender, ethnicity, age, political beliefs, culture and lifestyle. We are committed to fostering a business culture that reflects these values and promotes equal opportunity.

• Conduct proactive, hypothesis‑based threat hunts across endpoint, network, identity, cloud, and SaaS telemetry to identify unknown or emerging threats. • Leverage MITRE ATT&CK to design and execute hunt scenarios aligned to known adversary tradecraft. • Identify stealthy behaviors such as living‑off‑the‑land techniques, credential abuse, lateral movement, and command‑and‑control activity. • Develop and refine detection logic, analytics, and queries within SIEM/XDR platforms (e.g., Cortex XSIAM or equivalent). • Perform deep‑dive investigations and escalate confirmed threat activity with clear evidence and recommendations. • Partner with Incident Response teams during active incidents to provide threat context, scoping, and root cause analysis. • Validate and tune alerts to reduce false positives while improving detection efficacy. • Correlate internal telemetry with threat intelligence feeds to identify active campaigns, exploited vulnerabilities, and adversary infrastructure. • Track emerging threat actor techniques, malware families, and attack trends relevant to the organization’s industry. • Translate intelligence into actionable hunts, detections, and defensive recommendations. • Contribute to the development of threat hunting playbooks, standard operating procedures, and knowledge repository in general. • Support continuous improvement of the threat hunting program through metrics such as hunt coverage, findings quality, cyber posture enhancement identification. • Produce clear, concise reports for both technical and non‑technical stakeholders.

• Monitor all-source information to proactively identify and assess threats, as well as highlight emerging trends that may impact business, productions, and talent. • Conduct detailed assessments on threat actors and maintain databases. • Support talent and executive protection details with accurate and timely information and alerting. • Provide security/threat assessments for events. • Respond to critical incidents, rapidly research, and deliver information in a clear and concise format. • Conduct investigations, as needed. • Other duties as assigned.

• Develop a strong understanding of our cloud and corporate environments and use that knowledge to find active threats and inform our defense strategy. • Work with our detection and response stack: e.g. Panther, Wiz, Jamf Protect, and Temporal to investigate potential breaches. • Provide feedback on our cloud architecture and detection and response capabilities. • Use threat intelligence to proactively hunt for bad actors in our environment. • Develop hypotheses for attack scenarios and use our detection stack to validate them. • Discover gaps in our detection coverage to inform tactical and strategic improvements. • Hunt for bad actors abusing Teleport’s platform to facilitate their attacks, discover patterns to inform prevention efforts.