Lead, Cyber Threat Intelligence

**Closing Date: July 31, 2025**:
Teck is a leading Canadian resource company focused on responsibly providing the metals essential for global development and the energy transition while caring for the people, communities and land that we love.

Teck's two regional business units, North America and Latin America, are responsible for Teck's assets through all phases of safe, sustainable development, operation and closure. The business units are supported by enterprise-wide functions that set strategic direction, establish standards and provide governance, as well as supporting the business through shared services, centres of excellence and business partnering.

We are seeking an experienced and proactive Lead - Cyber Threat Intelligence (CTI) to guide and mature our threat intelligence function within the Cyber Defence team.

As Lead - CTI, you will collaborate with security operations, incident response, risk management, and executive leadership to ensure cyber threat insights drive informed security decisions. This is a senior role ideal for a proven expert with at least 10 years of experience in intelligence, cybersecurity, or a related field.

Don't miss out on this outstanding opportunity to be part of one of Canada's leading mining companies and join our team

**Responsibilities**:

- Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
- Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st defence line
- Develop and execute the CTI program roadmap aligned with organizational security objectives.
- Oversee intelligence collection from internal telemetry, open-source intelligence (OSINT), commercial feeds, government sources, and the dark web.
- Prioritize and assess threat actor campaigns, TTPs, and emerging vulnerabilities relevant to the business and industry.
- Create and maintain threat actor profiles, threat landscape assessments, and sector-specific threat reports.
- Collaborate with SOC, incident response, vulnerability management, and executive stakeholders to ensure intelligence is operationalized.
- Maintain and refine processes for intelligence validation, dissemination, and escalation.
- Drive integration of MITRE ATT&CK and other frameworks into threat analysis and reporting.
- Coordinate intelligence-sharing relationships with ISACs, industry peers, law enforcement, and intelligence communities.
- Deliver regular briefings and reports to both technical teams and executive leadership.
- Implement and maintain automated threat intelligence scripts and workflows using Python, PowerShell, and other relevant languages
- Integrate threat intelligence feeds and APIs into security systems to ensure real-time threat detection and response
- Collaborate with the security operations team to develop automated threat seek missions as code
- Ensure the integration of threat intelligence with SIEM, SOAR, and other security tools to improve threat detection and response capabilities
- Determine, document, and curate threat intelligence requirements for the organization and its key partners while establishing critical metrics for the function
- Maintain a threat intelligence collection plan to guide the function’s processes and integrations
- Provide context and enrich threat intelligence in order to sharpen the signal and its relevance to the organization

**Qualifications**:

- Minimum 10 years of experience in cyber threat intelligence, cybersecurity operations, or cyber defense roles.
- Proven leadership experience in managing threat intelligence teams or functions.
- Strong understanding of the cyber threat landscape, adversary tactics, techniques, and procedures (TTPs), and threat actor motivations.
- Expertise in MITRE ATT&CK, diamond model, kill chain, and intelligence lifecycle frameworks.
- Experience using tools such as MISP, ThreatConnect, Recorded Future, Anomali, Maltego, or similar.
- Ability to analyze, synthesize, and contextualize data from diverse sources into clear, actionable insights.
- Exceptional written and verbal communication skills; able to brief both technical and executive audiences.
- Familiarity with SOC, IR, and vulnerability management workflows.
- Coding and scripting skills in languages such as Python, PowerShell, or Bash
- Experience with security automation and orchestration platforms (e.g., SOAR)
- Understanding of APIs and integration techniques
- Bachelor’s or Master’s degree in Cybersecurity, Intelligence Studies, Computer Science, or a related field
- Certifications such as GCTI, GCIA, GCIH, CISSP, or equivalent preferred
- Additional relevant certifications (e.g., CEH) are a plus

**Why Join Us?**:
Teck is a leading Canadian resource company focused on responsibly providing the metals essential for global development and the energy transition while caring for the people, communities and land that we love.

At Teck, we offer more than