Cyber Threat Intelligence Analyst - SDS Country: Spain IT STARTS HERE Santander ( www.santander.com ) is evolving from a global, high-impact brand into a technology-driven organization, and our people are at the heart of this journey. Together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible. This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference. Our mission is to contribute to help more people and businesses prosper. We embrace a strong risk culture and all our professionals at all levels are expected to take a proactive and responsible approach toward risk management. Santander Digital Services is the team of technology and operations at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business and that out work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 7,000 people in 8 countries (Spain, Portugal, Poland, UK, USA, Mexico, Chile and Brazil) develops and/or implements financial solutions across a broad spectrum of technologies (including Blockchain, Big Data and Angular among others) on all kinds of on-premise and cloud-based platforms. THE DIFFERENCE YOU MAKE Santander Digital Services is looking for a Cyber Threat Intelligence Analyst based in our Boadilla office. The mission of the Santander Group's Technology and Operations Division is to contribute to the Group's strategy by making possible the operations of Santander's different businesses, by contributing to optimization, growth, and value creation; in addition to reducing risk and improving efficiency. Therefore, we help Santander to become the best open platform for financial services. The CTI Senior Analyst will help drive the evolution of the Cyber Threat Intelligence function to anticipate, contextualise and communicate emerging threats to the organisation. This role aspires to transform intelligence into strategic foresight, ensuring the company remains resilient, informed and prepared in the face of a constantly changing threat landscape. The CTI function operates as a global, intelligence-driven capability that supports proactive risk management, incident response and strategic decision-making. It provides actionable intelligence to executive leadership, cyber defence, fraud and other key stakeholders across the organisation. The team integrates multiple intelligence disciplines (strategic, operational and technical) to deliver timely insights, enable prioritization and enhance resilience. We need someone like you to help us in different fronts: Perform static and dynamic malware analysis, extracting TTPs and IOCs for distribution to other teams. Extract TTPs from both redacted sources and RAW files. Analyze campaigns using the Cyber Kill Chain and Diamond Model. Enrich our Threat Intelligence Platform with IOCs, metadata, and rich object relations. Participate in on-call shifts and interventions Develop scripts for automating your daily tasks, preferably with Python. Write technical reports that can be used by other teams. Present and deliver reports to technical and executive teams. Provide context and actionable intelligence in support to cybersecurity incidents. WHAT YOU’LL BRING Our people are our greatest strength. Every individual contributes unique perspectives that make us stronger as a team and as an organization. We’re enabling teams to go beyond by valuing who they are and empowering what they bring. The following requirements represent the knowledge, skills, and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Professional Experience 5 years of experience in cyber intelligence or a related field (Required) Technical knowledge, experience in fraud or other related fields is a plus. (Required) Education University degree in Computer Engineering, Information Systems, Business, Data Science, Mathematics, Statistics or related field or relevant experience. (Required) Certifications in fraud prevention skills or tools. (Preferred) Certifications in data analytics. (Preferred) Certifications in cybersecurity. (Preferred) Languages English (Required) Spanish (Required) Hard Skills Ability to track, profile and assess adversary groups, campaigns and TTPs using structured analytic techniques (Required) Experience creating finished intelligence across strategic, operational and tactical levels (Required) Familiarity with threat modelling frameworks (MITRE ATT&CK, Killchain, Diamond Model) and experience applying them in analytical frameworks (Required) Hands-on experience with intelligence platforms and tooling (Required) Understanding of network defence technologies (EDR, SIEM, firewalls, proxies) (Required) Capability to interpret malware reports, C2 infrastructure and IOCs at a contextual level (Preferred) Scripting and automation, familiarity with Python or automation of intelligence flows (Preferred) Soft Skills Ability to distil complex and ambiguous information into clear, evidence-based assessments that drive decisions Understanding the broader business and geopolitical context of cyber threats to anticipate how emerging risks translate into organisational impact Building relationships with incident response, SOC, risk and executive functions Capable of delivering concise, compelling narratives tailored to diverse audiences; from technical teams to senior leadership Balancing short-term tactical needs with long-term strategic initiatives WE VALUE YOUR IMPACT Your contribution matters, and it’s recognized. You can expect a fair, competitive reward package that reflects the impact you create and the value you deliver. But we know rewards go beyond numbers. We’re enable our teams to go beyond through global opportunities and broad career paths. Flexibility that works. Enjoy a hybrid working models —some days remote, some days onsite with your team—along with flexible hours. Learning for life. Access hundreds of courses on our platforms, including exclusive access to our global learning space: Santander Open Academy (www.santanderopenacademy.com) Competitive rewards. Receive a highly competitive salary with performance-based bonuses, motivating you to keep growing with us. Financial advantages. Benefit from preferential banking terms, special interest rates on loans, life insurance, and more. Your health is our priority. Through BeHealthy, our global wellness programme, we promote Holistic wellbeing. We know family is everything. That’s why we offer childcare support and family-friendly programmes tailored to each life stage. Always by your side. Get access to Santander Contigo, our program for employees and their families offering legal, emotional, and administrative advisory services. Extra benefits. Gym/WellHub membership, medical centers in some of our facilities, meal subsidy, parking, shuttle service from various points in Madrid, as well as exclusive discounts and offers for Santander employees. And that’s only the beginning—we’ll tell you more when you join! We’re here to keep you motivated, help you reach your goals, and celebrate your progress, every step of the way. LOCAL COMPLIANCE Santander is proud of being an organization where there are equal opportunities regardless of age, gender, disability, civil status, race, religion or sexual orientation. We are committed to providing an inclusive and accessible application process for all candidates. WHAT TO DO NEXT If this sounds like a role you are interested in, then please apply. READY TO TAKE THE NEXT STEP IN YOUR JOURNEY?