This Role: As a threat researcher for Insikt Group’s Strategic and Persistent Threats team, you will contribute to APT campaign tracking initiatives and support our Analyst on Demand service. This role supports both client-driven finished intelligence reports on cyber espionage-related topics, as well as internally-driven research and monitoring efforts into threat actor infrastructure, tools, and TTPs. Your research will be focused on state-sponsored cyber threats emanating from Russia.

What You’ll Do as Threat Intelligence Analyst:

• Synthesize multiple technical datasets to derive novel insights and reporting related to Russian state-sponsored APT activity;
• Establish methods of tracking APT campaigns using a combination of network, intrusion, and malware analysis skills;
• Hunt for threat actor activity in multiple technical datasets;
• Support the fulfillment of client priority intelligence requirements via Recorded Future’s Analyst on Demand service;
• Serve as a subject matter expert on Russian state-sponsored threat activity to customers and/or the public via media engagements;
• Drive prioritization, development, and deployment of network signatures to detect activity from malware families of interest;
• Stay on top of developments within the APT threat landscape and track key developments by following publications, blogs, and industry trust groups;

What You’ll Bring as the Threat Intelligence Analyst (Required):

• BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
• 3+ years of experience in Information Security and/or Threat Intelligence
• Experience conducting technical threat analysis and research
• Knowledge of structured analytical techniques, the intelligence cycle, and intelligence writing techniques and methodologies
• Familiarity with common CTI research and data analysis platforms/tools such as the ELK Stack (ElasticSearch, Kibana), Maltego, Shodan, DomainTools, or other similar tools/datasets
• Knowledge of TCP/IP and other networking protocols and network traffic analysis techniques
• Knowledge of existing Russian APT groups - past activities, TTPs, motivations, etc.
• Experience working directly with clients
• Strong written and verbal communication skills; ability to convey complex technical and non-technical concepts
• Excellent interpersonal and teamwork skills; ability to work with globally distributed team members

Highly Desirable Skills/Experience (not required):

• MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
• Scripting capabilities (Python preferred)
• Experience writing network and endpoint signature detections using SNORT, YARA, SIGMA, etc.
• Experience with Windows, iOS, Android, or MacOS malware analysis
• Proficiency in Russian and/or Ukrainian
• Geopolitical knowledge of the Eastern Europe writ large and Russia specifically