EC: IT Security Officer

IRC - International Rescue Committee


JOB DESCRIPTION

WE ARE

DIGIT is the Directorate-General for Digital Services whose aim is to deliver digital services to enable EU policies and to support the Commission’s internal administration. CERT-EU is the Cybersecurity Service for the European Union institutions, bodies, offices and agencies (Union entities). CERT-EU is administratively attached to DIGIT.

Established in 2011 to shore up the ICT security for the Union entities, we have been steadily expanding our IT security operations over the years and currently serve over 90 such entities spread across the Continent and beyond. From our base in Brussels, we work with a range of peers, partners and researchers from all over the world to ensure we maintain our technological edge and have access to the best-in-class expertise.

WE PROPOSE

DIGIT CERT-EU is looking to hire one truly motivated IT Security Officer – Cyber Threat Intelligence Analyst. This is a highly challenging and empowering job which provides many opportunities for one’s competencies to shine in a very friendly, supportive, human and professional environment.

The selected candidate will be part of the Cyber Threat Intelligence team of CERT-EU, responsible for collecting and analysing threat information from open sources, commercial sources, partners and Union entities, providing actionable data for the purposes of detecting malicious activity, researching cyber threat actors, developing their profiles, identifying their tactics, techniques and procedures and tracking their malicious infrastructure.

The job holder will be assigned to monitor the constantly changing threat landscape, report on the latest threats and trends, contribute to the production of informative and actionable threat assessments (alerts, cyber security briefs, memos), and closely cooperate and share threat

 

The position will consist of the following, amongst other tasks:

  • Collecting, evaluating and analysing cyber threat data from open-source intelligence, commercial sources, partners and Union entities regarding current and emerging threats.
  • Researching and analysing cyber threat actors, understanding and developing their profiles, identifying their tactics, techniques and procedures, tracking their malicious infrastructure and discovering new infrastructure employed by them, providing actionable data and creating innovative detection methods for the purposes of finding malicious activity.
  • Operating threat intelligence platforms, feeding CERT-EU’s cyber threat intelligence knowledge base and controlling technical threat data flow such as indicators of compromise and detection rules.

  • Monitoring the threat landscape, reporting on the latest threats and trends, helping Union entities to protect themselves against malicious attacks, identifying and reporting regularly on significant threats and risks that emerging technologies present to Union entities and conducting malware and phishing campaign analysis to understand threat vectors.
  • Continuously monitoring, assessing and tracking high-impact common vulnerabilities and exposures that are being actively exploited in the wild and pose potential risks to Union entities’ environments, ensuring timely awareness and mitigation recommendations.
  • Developing and delivering strategic, operational, and tactical threat intelligence to stakeholders, providing insights tailored to the evolving threat landscape to enhance preparedness, strategic planning, and long-term security posture.

  • Producing informative and actionable threat assessments, including memos, alerts, briefs, threat landscape reports, to support informed decision making and proactive risk mitigation.
  • Contributing to the production of threat alerts with technical description and actionable information, assisting Union entities in safeguarding their environments against targeted, deliberate and harmful cyber threats.

  • Creating tailored reports for each Union entity, analysing threats that are most relevant to their specific environment, risk profile, and operational context.
  • Collaborating continuously with the other CTI experts and CERT-EU teams as well as partners and Union entities, to exchange intelligence and enhance threat awareness and coordinate responses to cyber threats.
  • Acting as a cyber security information exchange and coordination hub for Union entities, facilitating timely sharing of threat intelligence, best practices, and collaborative mitigation of emerging cyber threats, while empowering them to fortify their digital defences.
  • Sharing intelligence with the Security Operations Centre and Digital Forensics and Incident Response teams to support their operations during the investigation of security incidents.

WE LOOK FOR

The selected candidate should also possess knowledge and experience in the following domains:

  • Experience in cyber threat intelligence with a focus on analysing threat reports and producing tactical, operational, and strategic intelligence reports for the stakeholders.
  • Understanding of the cyber threat landscape, including knowledge of nation-state threat intelligence with the other CTI experts and CERT-EU teams, partners and customers.

  • Ability to research threat actors, develop innovative methods for tracking their infrastructure and generate and deliver actionable data for detecting malicious activity.
  • Experience in all operating systems administration, networking concepts, including understanding of network architecture and protocols, Windows and Linux security, application security, vulnerability management, malware reverse engineering and analysis techniques, including static and dynamic analysis, cloud security and defence operations.
  • Experience in supporting incident response investigations, threat hunting activities and red team operations.
  • Professional knowledge of scripting languages like Python, PowerShell, or Perl, programming languages like C, C++, GitLab pipelines, bash, Windows command line, and GraphQL.
  • Ability to comprehend machine learning concepts, use AI-driven tools to automate repetitive tasks, understand how natural language processing can be used to extract threat information from unstructured sources and interpret AI-generated insights.
  • Experience in creating and presenting CTI research, analytical findings and cybersecurity awareness materials to diverse audiences.

The candidate should also demonstrate the following skills:

  • A high level of customer orientation.
  • Strong analytical, critical thinking and problem-solving skills including the ability to deal with a large amount of information in a limited time.
  • Ability to establish and maintain effective working relations with co-workers in an international and multi-disciplinary work environment.
  • Excellent communication skills in English, both orally and in writing to produce situational and strategic cyber threat intelligence reporting.
  • High degree of commitment and flexibility, enthusiasm and motivation to work, with strong teamwork abilities.
  • A focus on constant learning and improving technical and personal skillsets.
  • Ability to maintain attention to detail and accuracy, even under the pressure of tight deadlines.
  • Experience with a vast array of IT technologies and the ability to quickly master new technologies as well as staying informed about rapidly evolving cyber threats, vulnerabilities, and adversary tactics, techniques and procedures.

To make your application stand out, please consider that the ideal candidate will possess some, or all, of the following:

  • A university-issued diploma or equivalent.
  • At least 3 years of professional experience in cybersecurity, including at least 2 years specifically focused on cyber threat intelligence, incident response, or threat hunting.
  • Demonstrated capacity to draft clear and concise documents on complex matters tailored to various audiences.
  • Competence in monitoring geopolitical developments that may influence cyber risk and threat landscape.

The candidate must hold a security clearance at EU SECRET level or be in a position to be security cleared.

 

You should send your documents in a single PDF in the following order:

  1. your CV
  2. completed application form.

Please send these documents by the publication deadline to [email protected] indicating the selection reference DIGIT/C0M/2025/1194 in the subject.

No applications will be accepted after the publication deadline.

 

 

