Data Scientist – Cyber Threat Intelligence

Data Scientist – Cyber Threat Intelligence

Joining Maersk will embark you on a great journey with career development in a global organisation.

You will be exposed to a wide and challenging range of business issues through regular engagement with key stakeholders across all management levels within Maersk. You will work and communicate across geographical and cultural borders that will enable you to build a strong professional network. We believe people thrive when they are in charge of their career paths and professional growth. We will provide you with opportunities to broaden your knowledge and strengthen your technical and professional foundation.

By choosing Maersk, you join not only for the role, but for a career. From here your path may take you towards extended responsibilities within A.P. Moller – Maersk.

We aim to be a world-class professional IT organisation that delivers business value through automation, standardisation and innovation. We believe in empowerment where each of us takes ownership and responsibility for developing and implementing new ways of working.

At Maersk we value the diversity of our talent and will always strive to recruit the best person for the job – we value diversity in all its forms, including but not limited to: gender, age, nationality, race, sexual orientation, disability or religious beliefs. We are proud of our diversity and see it as a genuine source of strength for building high performing teams.

Role Purpose:

As a Data Scientist in the Cyber Operations department, your primary role will be to turn data into actionable insights, leveraging tools, statistical models, AI and Machine Learning to enable data-driven decision-making. As part of this, you will also contribute to the design and delivery of data engineering and integrations capabilities that enable Cyber Operations to automate workflows and generate intelligence from security data at scale.

You will report to the Head of Cyber Threat Intelligence (CTI), working alongside other CTI Analysts and Data Scientists, as a Subject Matter Expert (SME), working closely with other Cyber Security teams. You will be accountable for the effective collection, processing and analysis of large datasets to generate informative and actionable insights.

This is a unique opportunity to provide input into the future direction and operation of the CTI function within Maersk, including the Cyber Operations department’s AI strategy.

Key Responsibilities:

• Accountable for the effective collection, processing and analysis of large datasets to generate informative and actionable insights.
• Identify patterns, trends, and anomalies in security tooling, leveraging AI and data science techniques to inform decision‑making.
• Host, manage and interrogate databases to deliver automated and ad hoc reporting requests on security data.
• Develop and refine causal inference, predictive, statistical and machine learning models to enable threat detection and intelligence generation.
• Produce daily visual management dashboards using real‑time data, enabling cross‑team collaboration and swift identification of issues and focus areas.
• Facilitate performance tracking of People, Processes and Technologies against KPIs to drive continuous improvement and operational reporting.
• Disseminate curated data via secure APIs and MCP servers, and present work products in the stakeholder’s desired format, ensuring access is controlled by least privilege.
• Scope and respond to Requests for Information (RFIs) from stakeholders by providing timely data and analysis outputs.
• Responsible for developing, maintaining and enhancing the use of LLMs for Cyber Security use cases.
• Enhance threat intelligence capabilities by developing processes where automation and AI‑assisted analysis can improve efficiency.
• Accelerate automation and enable safe AI/GenAI adoption via secure data access and tool integrations that support agile workflows.
• Build and maintain data ingestion pipelines and connectors for internal and external cyber data sources (API-first, using MCP where available).
• Normalise, enrich and curate cyber security datasets, maintaining provenance (source, timestamp, confidence/quality indicators where available) to support trusted decision‑making.
• Implement engineering quality practices for pipelines and services, and document/maintain processes.

Relevant Services: Cyber Threat Intelligence

• Senior Cyber Leadership Team
• Head of Security Operations Centre
• Team of SOC Analysts
• Threat Hunting
• Red Team
• Cyber Defence Engineering
• Identity & Access Management
• Strategy Owners
• Cyber Risk Team
• Cyber Security Officers
• Wider Maersk Organisation

Primary Stakeholders: External Cyber Threat Intelligence source providers

Required Skills & Experience:

Professional qualifications:

• Bachelor’s degree in computer science, Engineering, Mathematics, Statistics, Data Science, or a related discipline (or an equivalent qualification).
• Certification or formal training in analytics engineering or data modelling (e.g. dimensional modelling, metrics design, data quality).
• Cloud certification or training in AWS or equivalent platforms, such as AWS Certified Data Engineer – Associate and/or AWS Certified Developer – Associate (or equivalent).
• Certification or formal training in Applied AI or Generative AI fundamentals.
• Cyber security or threat intelligence training is beneficial but not essential.
• Security certifications such as CEH, OSCP, SANS, or equivalent are desirable but not essential.

Technical skills & knowledge:

• Proficient in writing complex SQL queries for repeatable operational analytics and reporting.
• Proficient in applied Data Science / Machine Learning using Python, TypeScript/Node.js, or similar languages.
• Solid understanding of Forecasting process and algorithms and causality.
• Proficient in data visualization tools and techniques to effectively deliver complex findings.
• Solid cloud fundamentals, preferably with AWS (e.g., S3, Lambda, Glue, Step Functions, API Gateway, CloudWatch, or equivalent services).
• Strong data engineering and analytics fundamentals, including building reliable ETL/ELT pipelines, orchestration, data modelling, and implementing data quality controls.
• Familiarity with Model Context Protocol (MCP) or similar integration frameworks is desirable.
• Basic understanding of the intelligence lifecycle is beneficial but not essential.
• Awareness of the cyber threat landscape, including common adversary tactics, techniques, and procedures (TTPs) is desirable but not essential.
• Knowledge of standard methods / systems for analysis and prioritisation of vulnerabilities e.g. CVE, CVSS, is desirable but not essential.
• Understanding of political, operational, and security risks in the maritime, transport, and logistics sectors is preferable.

Professional qualifications:

• Bachelor’s degree in Computer Science, Engineering, Mathematics, Statistics, Data Science, or a related discipline (or an equivalent qualification).
• Certification or formal training in analytics engineering or data modelling (e.g. dimensional modelling, metrics design, data quality).
• Cloud certification or training in AWS or equivalent platforms, such as AWS Certified Data Engineer – Associate and/or AWS Certified Developer – Associate (or equivalent).
• Certification or formal training in Applied AI or Generative AI fundamentals.
• Cyber security or threat intelligence training is beneficial but not essential.
• Security certifications such as CEH, OSCP, SANS, or equivalent are desirable but not essential.

Technical skills & knowledge:

• Proficient in writing complex SQL queries for repeatable operational analytics and reporting.
• Proficient in applied Data Science / Machine Learning using Python, TypeScript/Node.js, or similar languages.
• Solid understanding of Forecasting process and algorithms and causality.
• Proficient in data visualization tools and techniques to effectively deliver complex findings.
• Solid cloud fundamentals, preferably with AWS (e.g., S3, Lambda, Glue, Step Functions, API Gateway, CloudWatch, or equivalent services).
• Strong data engineering and analytics fundamentals, including building reliable ETL/ELT pipelines, orchestration, data modelling, and implementing data quality controls.
• Familiarity with Model Context Protocol (MCP) or similar integration frameworks is desirable.
• Basic understanding of the intelligence lifecycle is beneficial but not essential.
• Awareness of the cyber threat landscape, including common adversary tactics, techniques, and procedures (TTPs) is desirable but not essential.
• Knowledge of standard methods / systems for analysis and prioritisation of vulnerabilities e.g. CVE, CVSS, is desirable but not essential.
• Understanding of political, operational, and security risks in the maritime, transport, and logistics sectors is preferable.

Professional skills:

• Excellent written and verbal communication skills (English) and able to be understood by both technical and non-technical personnel.
• A motivated and self-starting individual with ability to self-task.
• Strong interpersonal skills including, teamwork/collaboration and relationship building.
• Excellent time-management and workload prioritisation skills.
• Positive, can-do attitude, engaging, ability to accommodate agile methodologies and ability to work well under pressure.
• Can accommodate requirements that may from time-to-time, fall beyond CTI, into other Cyber Security disciplines.

Experience :

• 5+ years previous experience operating in a data analytics, science or engineering role, ideally within cyber security or similar.
• At least two years of experience with visualisation tools such as Power BI, MS Fabric, or Amazon QuickSight.
• Experience handling sensitive data and applying governance practices—access control, secrets management, encryption, and audit‑ready logging.
• Experience with API engineering and automation in a security operations context is desirable but not essential.
• Experience working with CTI teams, threat intelligence data, or TIP/SIEM integrations is desirable.

Key Measures:

• Timely dissemination of regular and ad-hoc products across the organisation.
• Application and review of existing processes (improvements through automation, data quality, and repeatable workflows).
• Delivery of reliable Cyber Security data feeds and curated outputs to internal consumers via APIs/MCP.
• Reliability of data pipelines and interfaces (e.g., freshness/latency, error rates, successful runs, and recovery time).

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing accommodationrequests@maersk.com .