Overview
As a Senior Threat Intelligence Analyst on Insikt Group's Strategic and Persistent Threats (SPT) team, you will lead efforts to track state-sponsored APT campaigns, mentor peers in intrusion analysis, represent Insikt Group's expertise externally, and support Recorded Future's Analyst-on-Demand service. This role involves both proactive monitoring and in-depth research into threat actor infrastructure, tools, and TTPs, as well as the production of high-impact, client-driven finished intelligence. Your focus will be on state-sponsored cyber threats originating from Iran.
Responsibilities
* Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting
* Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis
* Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts
* Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest
* Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision
* Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities
* Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices, fostering a culture of knowledge sharing and continuous development
* Collaborate with geopolitical and regional analysis teams to support cross-functional research
* Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle
* Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination
* Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform
* Support customer intelligence needs through Recorded Future's Analyst-on-Demand service, Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Qualifications
* BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
* Preferably 5+ years of experience in Information Security and/or Threat Intelligence
* Demonstrated experience conducting technical threat analysis and research
* In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
* Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation
* Experience with static and dynamic malware analysis, including family attribution and variant clustering
* Proficiency in scripting (Python preferred, or Go, C, C++, Java) and fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools
* Proven experience applying structured analytical techniques and intelligence methodologies to assess state-sponsored threat activity, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
* Familiarity with threat modeling and adversary tracking frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and related models to support campaign clustering, detection development, and strategic reporting
* Detailed understanding of existing APT groups' past activities, TTPs, motivations, and targeting patterns
* Experience with open-source intelligence-gathering tools and techniques
* Experience working directly with customers, with strong written and verbal communication skills to clearly convey complex technical and non-technical concepts
* Strong interpersonal and teamwork skills, including working with globally distributed team members
* Highly Desirable Skills/Experience (not required): MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
* Experience writing network and endpoint detection signatures
* Experience with Windows, iOS, Android, macOS, or malware analysis
* Proficiency in a high-priority foreign language, with preference for Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish
#J-18808-Ljbffr