Data Engineer - Cyber Threat Intelligence (Forward Deployed)
West Midlands, UK
Full Time, Senior-level / Expert, Clearance required, GBP 75K - 85K
Rowden
Rowden designs and builds systems, infrastructure, and applications to deliver mission advantage to those working to protect the security of the UK and its allies. We are setting a new standard in government technology provision, defined by:...
Application Deadline: 18 January 2025
Department: Tech Services
Employment Type: Permanent - Full Time
Location: West Midlands, UK
Compensation: £75,000 - £85,000 / year
Description
About Rowden
We’re building the next UK-headquartered engineering powerhouse.
There is a gulf between the needs of mission-focused organisations and the development and delivery of the critical technology they rely on. The consequences of this are felt acutely by underserved frontline operators, demanding a new breed of engineering enterprise to bridge this divide.
Rowden exists to meet this need. We design and build systems, infrastructure, and applications to deliver mission advantage to those working to protect the security of the UK and its allies. Rowden is setting a new standard in government technology provision: hyper-efficient engineering, better customer relationships, and rapid assimilation of commercial technology.
Our team of Forward Deployed Specialists
Join Rowden’s Forward Deployed Team and work where the action is.
You'll collaborate directly with customers on-site, tackling their most complex technology challenges. From diagnosing critical issues to deploying innovative solutions, you'll be at the forefront of solving real-world problems that matter. If you're hands-on, thrive in fast-paced environments, and want to see the impact of your work up close – this is the team for you.
What’s in it for you:
- Impact and Purpose: Your work makes a difference — directly supporting defence, national security, and frontline operators.
- Professional Growth: Experience faster learning, deeper technical challenges, and exposure to real-world constraints that sharpen your skills.
- Team Expansion: Be part of a growing team that’s delivering results and scaling up. Help us shape what forward deployment looks like as we expand into new projects and new regions.
The Data Engineer plays a vital role in enhancing the organisation's cybersecurity capabilities by building and maintaining data pipelines that ingest, process, and visualise cyber threat intelligence (CTI) data. The focus of the role involves the setup and maintenance of the OpenCTI Threat Intelligence Platform (TIP), managing data ingestion into Elastic for visualisation and analysis purposes, and integrating threat intelligence feeds with Security Information and Event Management (SIEM) systems.
This position will enable seamless data flow from internal and external CTI feeds into OpenCTI, Elastic for threat intelligence visualisation, and SIEM systems to support threat detection, analysis, and incident response.
Your initial deployment is anticipated to be on-site in the West Midlands for approximately two years, working within a hybrid team of contractors and military personnel for a government organisation. While this role offers hybrid working options, it requires a minimum of 4 days per week on-site. Candidates must be willing to obtain a UKNSV security clearance with SC being essential, and DV clearance desirable. You do not have to have worked on customer sites or in a consultancy role previously.
More information about security clearance is available here: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels
Key areas of responsibility
- Lead the deployment, configuration, and customisation of the OpenCTI Threat Intelligence Platform, integrating external and internal CTI feeds.
- Build and optimise data pipelines to ingest CTI data into Elastic for real-time analysis and visualisation.
- Collaborate with CTI and SOC teams to design visualisations and dashboards that support incident detection and strategic decision-making.
- Automate data ingestion and transformation processes across OpenCTI, Elastic, and SIEM systems.
- Continuously optimise data pipelines to ensure low-latency processing and minimal downtime.
- Monitor and troubleshoot data ingestion processes, ensuring accuracy, consistency, and timely delivery of threat intelligence.
- Maintain documentation of platform configurations, data ingestion pipelines, and integrations.
- Provide training and support for teams on the use of OpenCTI and Elastic.
- Ensure compliance with internal security policies and regulatory requirements, including GDPR.
About you
Qualifications, Skills & Experience:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field is desirable.
- 3-5 years of experience as a data engineer, with a focus on cybersecurity and threat intelligence data ingestion and platform management.
- Certifications such as Certified Threat Intelligence Analyst (CTIA), GIAC Certified Enterprise Defender (GCED), or Certified Information Systems Security Professional (CISSP) are desirable.
- Strong experience with OpenCTI or similar TIP platforms, including platform deployment, customisation, and management.
- Experience with the Elastic Stack (Elasticsearch, Kibana, Logstash) for data ingestion, analysis, and visualisation, particularly in the context of cybersecurity.
- Ability to manage complex data pipelines and integrate them with SIEM systems.
- Proficiency in Python, SQL, or similar languages for data processing and automation.
- Familiarity with common CTI data formats such as STIX/TAXII, JSON, and CSV.
- Experience working with cloud-based data services (e.g., AWS, Azure) and integrating cloud-based threat intelligence feeds.
- Experience with CI/CD pipelines, containerisation (e.g., Docker, Kubernetes), and infrastructure as code (e.g., Terraform, Ansible).
- Experience in real-time data handling, visualisation, and threat intelligence analysis.
- Analytical Thinking: Strong problem-solving and analytical skills to design, manage, and optimise data pipelines, ensuring efficient data flow and visualisation.
- Collaboration: Ability to work effectively in a collaborative environment, working with cybersecurity analysts, IT teams, and other stakeholders to achieve shared goals.
- Attention to Detail: Strong attention to detail in ensuring data accuracy, quality, and security.
- Continuous Learning: A desire to stay current with cybersecurity trends, new data formats, and tools, consistently improving your skill set.
- Outcome-Driven: Strong focus on delivering actionable insights and seamless data flows that support operational objectives.
Working at Rowden
We are committed to building a flexible, inclusive, and enabling company. Our aim is to create a diverse team of talented people with unique skills, experience, and backgrounds, so please apply and come as you are! Rowden is a Disability Confident Committed company, and we actively encourage people with disabilities and health conditions to apply for our roles. Please let us know your requirements early on so that we can make sure you have everything you need up front to help make the recruitment process and experience as easy as possible. Finally, if you feel that you don’t meet all the criteria included above but have transferable skills and relevant experience, we’d still love to hear from you!
Perks/benefits: Career development, Flex hours