Senior Threat Intelligence Analyst, Malicious Infrastructure Discovery

Engineering · London, United Kingdom

Job description

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,800 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

This Role:

Recorded Future's Insikt Group is seeking a Senior Threat Intelligence Analyst for the Malicious Infrastructure Discovery (MID) sub-team within Advanced Reversing, Malware, Operations, and Reconnaissance (ARMOR). This is a small, distributed team of experienced analysts monitoring and writing detections for malicious infrastructure. The team contributes to the Recorded Future Platform with up-to-date detections and supports our Analyst on Demand service, partners with our state-sponsored and cyber crime teams for technical support, and contributes to strategic research initiatives.

What You’ll Do: 

  • Establish methods of identifying, signaturing, and validating malicious infrastructure used by a variety of threat actors for both commodity and custom malware;
  • Conduct in-depth research on novel threats, dissecting the tactics, techniques, and procedures (TTPs) employed by threat actors, and publish research findings to clients and/or Recorded Future's public blog;
  • Maintain up-to-date knowledge of developments within the malware landscape and track key developments by following publications, blogs, and mailing lists;
  • Serve as a subject matter expert on malicious infrastructure hunting to customers and/or the public via media engagements;
  • Continuously improve and optimize threat intelligence processes, tools, and methodologies to enhance the team's ability to detect and respond to emerging threats, and proactively identify opportunities for automation and efficiency gains;
  • Mentor and guide analysts within the team, fostering a culture of knowledge sharing, skill development, and professional growth, ensuring the team's collective expertise is continually advancing;
  • Support the fulfilment of client priority intelligence requirements via Recorded Future’s Analyst on Demand service.

What You’ll Bring (Required):

  • A passion for threat hunting and threat intelligence
  • Demonstrable understanding of malicious infrastructure detection, including C2s, botnets, etc., in the context of cyber security, pivoting, network defense, and business risk
  • BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
  • 5+ years of experience in Information Security and/or Threat Intelligence
  • Demonstrable experience conducting technical threat analysis and research
  • Demonstrable experience with structured analytical techniques, the intelligence cycle, and intelligence writing techniques and methodologies
  • Fluency in common CTI research and data analysis platforms/tools such as the Elastic Stack (ElasticSearch, Kibana), Maltego, Shodan, Censys, DomainTools, or other similar tools/datasets
  • In-depth understanding of TCP/IP and other networking protocols and network traffic analysis techniques
  • Understanding of how malware authors operate, their past activities, TTPs, motivations, etc.
  • Experience working directly with clients
  • Excellent written and verbal communication; ability to convey complex technical and non-technical concepts in both written and verbal formats
  • Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain
  • Excellent interpersonal and teamwork skills; ability to work with globally distributed team members

Highly Desirable Skills/Experience (not required):

  • MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
  • Scripting capabilities (Python preferred)
  • Experience writing network and endpoint signature detections using Suricata, Snort, YARA, SIGMA, etc.
  • Experience with Windows, iOS, Android, or macOS malware analysis
  • Experience with business risk analysis / communicating business risks to executives

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”) represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com.

Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.

Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.

Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.