Senior Threat Intelligence Analyst
Recorded Future (Posted Jan 2022)
This Role: As a Threat Intelligence Analyst for Insikt Group’s Strategic and Persistent Threats team, you will contribute to APT campaign tracking initiatives and support Recorded Future clients in the fulfillment of their intelligence requirements via our Analyst on Demand service. This role supports both client-driven finished intelligence reports on cyber espionage-related topics, as well as internally-driven research and monitoring efforts into threat actor infrastructure, tools, and TTPs. Your research will be largely focused on threats emanating from North Korea.
What You’ll Do as a Senior Threat Intelligence Analyst:
Support the fulfillment of client priority intelligence requirements via Recorded Future’s Analyst on Demand service
Synthesize multiple technical datasets to derive novel insights and reporting related to North Korean APT activity
Establish methods of tracking North Korean APT campaigns using a combination of network, intrusion, and malware analysis skills
Identify new datasets to ingest and propose new analytics which can be developed to improve and/or automate portions of the intelligence cycle
Serve as a subject matter expert on North Korean state-sponsored threat activity
Work with the Operational Outcomes team to identify, prioritize, and deploy various detection mechanisms for malware families and threat actor groups of interest
Stay on top of developments within the APT threat landscape and track key developments by following publications, blogs, and mailing lists
What You’ll Bring to the Senior Threat Intelligence Analyst role (Required):
BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
5+ years of experience in Information Security and/or Threat Intelligence
Demonstrable experience conducting technical threat analysis and research
Knowledge of TCP/IP and other networking protocols
Hands-on experience with structured analytical techniques, the intelligence cycle, and intelligence writing techniques and methodologies
Experience clustering and tracking multiple state-sponsored activity groups using techniques such as the Diamond Model of Intrusion Analysis
Experience helping to develop intelligence requirements
Experience working directly with clients
Knowledge of open source intelligence gathering tools and techniques
Excellent written and verbal communication; ability to convey complex technical and non-technical concepts
Excellent interpersonal and teamwork skills; ability to work with globally distributed team members
Highly Desirable Skills/Experience (not required):
MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
Experience writing network and endpoint signature detections using SNORT and YARA
Programming experience in Python, C, C++, or Java
Familiarity with platforms such as MISP, Kibana, Maltego, and ElasticSearch
Experience with Windows, iOS, Android, MacOS or malware analysis
Proficiency in a high priority foreign language: preference for Korean or Japanese. Other Asian languages are also desirable.
Last updated