ABOUT US
We’re the world’s leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value – across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we’re proud to support the global economy.
We’re unique too. We were established to find a better way for the global financial community to move value – a reliable, safe and secure approach that the community can trust, completely. We’re always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions.
Key Responsibilities
As a Cyber Threat Intelligence Analyst, you will be part of our Cyber Fusion Center team, supporting the organization and its global stakeholders. You’ll be integrated within our Cyber Threat Intelligence Program, which drives our worldwide efforts to identify, analyze, and manage threats to Swift. You will operate with a high degree of autonomy, taking ownership of intelligence activities from collection through dissemination and stakeholder engagement, while collaborating closely with senior analysts and the Head of Cyber Threat Intelligence.
Examples of the activities you will be responsible for include:
- Conduct Intelligence Collection, Analysis, and Production: Independently conduct intelligence collection, research, and analysis activities using a wide range of intelligence sources, tools, and methodologies. Produce and present high-quality intelligence products across tactical, operational, and strategic levels, including threat actor profiles, TTP analyses, threat hunting packages, geopolitical assessments, executive briefings, and threat landscape reports. Apply structured analytical techniques and clearly communicate key judgements, confidence assessments, and recommendations.
- Support Threat-Informed Defence and Intelligence Response Activities: Partner with Security Operations, Incident Response, Threat Hunting, Detection Engineering, Red Team, and Vulnerability Management teams to ensure intelligence is operationalised effectively. Lead the investigation and assessment of intelligence-driven alerts, Requests for Intelligence (RFIs), emerging threats, suspicious infrastructure, and third-party exposures. Identify relevant adversary behaviours and attack trends to support defensive prioritisation and response activities.
- Drive Stakeholder Engagement and Intelligence Requirements: Build and maintain strong relationships with stakeholders across technical, operational, and business functions. Identify intelligence requirements, translate stakeholder needs into collection objectives, and ensure intelligence outputs remain relevant, actionable, and aligned with organisational priorities. Develop collection plans and priorities based on documented intelligence requirements.
- Conduct Threat Infrastructure and Campaign Tracking: Monitor and analyse threat actor infrastructure, campaigns, tooling, and operational activity to identify trends, relationships, infrastructure overlaps, and emerging threats. Perform infrastructure analysis to support actor tracking, attribution assessments, collection efforts, and organisational risk assessments.
- Drive CTI Capability Development, Automation, and Innovation: Identify opportunities to improve intelligence processes, workflows, automation, reporting, and operational effectiveness. Design, implement, and maintain technologies that support intelligence operations, including automation workflows, data enrichment pipelines, and platform playbooks. Contribute to intelligence-led initiatives such as analytical experimentation, deception technologies, collection projects, and emerging capability development.
- Share Knowledge and Support Team Development: Actively support the growth of junior analysts through knowledge sharing, peer review, coaching, and collaboration. Promote analytical rigour, consistency, and intelligence tradecraft within the team.
This is a dynamic and growing function, and the examples above represent only a portion of the work undertaken by our team. We welcome discussions about additional areas of responsibility and opportunities for growth during the recruitment process.
Competency Profile
This position is suited to an analyst who has developed a solid foundation in cyber threat intelligence and is ready to take ownership of intelligence activities with limited supervision.
- Relevant Experience in Cyber Threat Intelligence or Related Security Functions: Demonstrated experience within a Cyber Threat Intelligence function or a closely related field such as Security Operations, Incident Response, Threat Hunting, Detection Engineering, Digital Forensics, Adversary Emulation, or Security Research. Experience producing analytical assessments and intelligence products will be highly desirable.
- Threat Intelligence Analysis and Tradecraft: Strong understanding of cyber threats, threat actors, intrusion methodologies, attack lifecycles, and contemporary threat trends. Experience collecting, evaluating, analysing, and synthesising information from multiple sources to produce clear, concise, and actionable intelligence outputs. Practical experience applying threat intelligence concepts and analytical methodologies, including the Intelligence Cycle, Intelligence Requirements Management, MITRE ATT&CK®, Cyber Kill Chain®, Pyramid of Pain, Structured Analytical Techniques, and Threat-Informed Defence principles. Ability to assess source reliability, evidential strength, analytical confidence, and competing hypotheses when producing intelligence assessments.
- Security Operations and Intelligence Platforms, Sources, and Technologies: Understanding of common security technologies and security operations workflows, including network security controls, endpoint security, SIEM technologies, threat hunting, incident response processes, and detection engineering concepts. Experience leveraging threat intelligence platforms, intelligence sources, and analytical technologies to support intelligence collection, analysis, investigation, and dissemination activities. Ability to translate intelligence into actionable outcomes for operational security teams.
- Stakeholder Engagement, Communication, and Presentation Skills: Ability to engage confidently with stakeholders across varying levels of technical expertise and seniority. Excellent written English skills are essential, with the ability to produce clear, concise, and well-structured intelligence assessments, reports, and briefings for both technical and non-technical audiences. Strong verbal communication and presentation skills, with the ability to communicate complex intelligence assessments clearly, deliver briefings, facilitate discussions, and provide practical recommendations that support decision-making.
- Technical Engineering and Automation: Ability to develop, maintain, or enhance automations, scripts, workflows, and integrations that improve intelligence operations. Experience with Python, PowerShell, APIs, data processing, workflow automation, or security orchestration platforms is highly desirable. Comfortable working with Linux-based systems, containerised applications, cloud services, and technologies used within intelligence operations. Experience supporting, maintaining, or enhancing intelligence platforms and associated workflows is advantageous.
- Threat Actor Infrastructure Analysis: Experience investigating threat actor infrastructure and campaign activity, including domains, hosting providers, SSL/TLS certificates, malware distribution mechanisms, command-and-control infrastructure, phishing infrastructure, passive DNS, WHOIS analysis, internet scanning services, and internet-facing attack surface analysis. Ability to support threat actor tracking, attribution assessments, collection efforts, and organisational risk assessments.
- Intelligence Collection Management: Experience translating stakeholder needs into intelligence requirements, developing collection plans, identifying collection gaps, and measuring intelligence outcomes. Ability to proactively drive intelligence activities based on documented intelligence requirements rather than reactive tasking.
- Continuous Improvement Mindset: Demonstrated curiosity and desire to continuously improve intelligence capabilities, processes, and tradecraft. Comfortable identifying opportunities for automation, workflow optimisation, capability development, and improved intelligence delivery.
- Collaborative Team Player with Global Perspective: You will work within a diverse global environment and should be comfortable collaborating across functions, cultures, and geographic regions. We value individuals who actively contribute to team success, share knowledge openly, and help develop the capabilities of those around them.
- Mandarin/Cantonese Language Proficiency (Highly Desirable): Professional working proficiency or fluency in Mandarin and Cantonese is highly desirable. The ability to consume, analyse, and contextualise traditional and simplified Chinese-language reporting, technical content, and threat intelligence sources, as well as engage with Mandarin/Cantonese speaking stakeholders when required, would be advantageous.
What we offer
We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone’s voice counts and where you can reach your full potential.
We are committed to an inclusive and accessible recruitment process. If you require a reasonable accommodation related to accessibility during your application or interview, please contact [email protected] or indicate this in your application.
Please note that this mailbox is not monitored for general recruitment enquiries and should only be used for accessibility or accommodation-related requests (for example related to vision, hearing or neurodiversity).
All requests are confidential and will not affect your candidacy.
Don’t meet every single requirement? At Swift, we are dedicated to building a workplace where people can bring their full selves and ideas to the team, so if you are excited about this role, we encourage you to apply even if you do not meet every single qualification.
Skills Required
- Experience in Cyber Threat Intelligence or related security functions (SOC, IR, threat hunting, detection engineering)
- Proven ability to produce intelligence products (threat actor profiles, TTP analyses, briefings, reports)
- Strong understanding of threat intelligence tradecraft and frameworks (MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain)
- Experience with threat actor infrastructure analysis (domains, certificates, passive DNS, WHOIS, phishing/malware infrastructure)
- Familiarity with security operations workflows and technologies (SIEM, endpoint security, detection engineering, threat hunting)
- Excellent written and verbal communication skills; ability to brief technical and non-technical stakeholders
- Experience translating stakeholder requirements into collection plans and intelligence outputs
- Ability to develop or maintain automations, scripts, and integrations (Python, PowerShell, APIs); familiarity with SOAR and data pipelines
- Comfortable with Linux systems, containerised applications, and cloud services
- Mandarin and Cantonese proficiency for Chinese-language reporting and stakeholder engagement
What We Do
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services. We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and regulatory compliance. Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories. SWIFT also brings the financial community together – at global, regional and local levels – to shape market practice, define standards and debate issues of mutual interest or concern. For more information, visit www.swift.com or follow us on Twitter: @swiftcommunity






