Principal Threat Intelligence Analyst, EMEA

As a threat researcher for Insikt Group’s Strategic and Persistent Threats team, you will contribute to APT campaign tracking initiatives, support our Analyst on Demand service, mentor your colleagues on all things intrusion analysis, and represent Insikt Group’s research externally. This role supports both client-driven finished intelligence reports on cyber espionage-related topics, as well as internally-driven research and monitoring efforts into threat actor infrastructure, tools, and TTPs. Your research will be largely focused on threats emanating from China, Russia, North Korea, and/or Iran.

What You’ll Do As Principal Threat Intelligence Analyst: 

• Synthesize multiple technical datasets to derive novel insights and reporting related to state-sponsored APT activity tied to China, Russia, North Korea, and Iran;
• Establish methods of tracking APT campaigns using a combination of network, intrusion, and malware analysis skills;
• Support the fulfillment of client priority intelligence requirements via Recorded Future’s Analyst on Demand service;
• Mentor your colleagues on intrusion analysis and threat intelligence best practices.
• Identify new datasets to ingest and propose new analytics which can be developed to improve and/or automate portions of the intelligence cycle;
• Serve as a subject matter expert on state-sponsored threat activity;
• Work with the Operational Outcomes team to identify, prioritize, and deploy various detection mechanisms for malware families and threat actor groups of interest;
• Stay on top of developments within the APT threat landscape and track key developments by following publications, blogs, and mailing lists;
• Work with engineering and data science teams to ensure relevant data and analytics are designed, developed, and deployed properly in the Recorded Future platform.

What You’ll Bring As Principal Threat Intelligence Analyst (Required):

• BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
• 8+ years of experience in Information Security and/or Threat Intelligence
• Humility
• Demonstrable experience conducting technical threat analysis and research
• Demonstrable experience with structured analytical techniques, the intelligence cycle, and intelligence writing techniques and methodologies
• Proven expertise in clustering and tracking multiple state-sponsored activity groups using techniques such as the Diamond Model of Intrusion Analysis
• Scripting capabilities in Python (preferred), C, C++, or Java
• Familiarity with platforms such as MISP, Kibana, Maltego, and ElasticSearch
• Knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
• Experience developing intelligence requirements
• Experience working directly with clients
• Experience with open source intelligence gathering tools and techniques
• Excellent written and verbal communication; ability to convey complex technical and non-technical concepts
• Excellent interpersonal and teamwork skills; ability to work with globally distributed team members

Highly Desirable Skills/Experience (not required):

• MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
• Experience writing network and endpoint signature detections using SNORT and YARA
• Experience with Windows, iOS, Android, MacOS or malware analysis
• Proficiency in a high priority foreign language: preference for Chinese, Russian, Farsi, or Korean.