Threat Intelligence Analyst
With 1,000 employees, over $250M in sales, 1,500+ clients, and rapid year-over-year growth, Recorded Future is the world’s most advanced, and largest, intelligence company!
This Role: New and Emerging Threats (NETs) is a subteam of Insikt Group’s Advanced Reversing, Malware, Operations, and Reconnaissance (ARMOR) team. Our team vision is to highlight novel and emerging tactics, techniques, and procedures (TTPs) used by threat actors while helping Recorded Future clients better detect and respond to such threats.
As a threat intelligence analyst for Insikt Group’s NETs team, your responsibilities will fall into 3 categories: research, analysis, and authoring of client RFIs; research, review, and publication of Insikt Group Notes to the Recorded Future Platform; and malware analysis resulting in the creation of detections (YARA, Sigma, Snort).
This role supports finished intelligence reports on topics such as malware and offensive security tooling, vulnerabilities, cloud security, and TTP trends. Previous research experience is required.
What You’ll Do As Threat Intelligence Analyst:
- Author, review, and deliver finished intelligence reports that address clients’ priority intelligence requirements (PIRs) across a broad range of cyber threat activity topics
- Engage with clients across a report’s lifecycle: initial scoping, finished intelligence delivery, and follow-up review or support
- Author, review, and publish content to the Recorded Future Platform in the form of Insikt Group Notes
- Analyze malware and create effective detections using YARA, Sigma, or Snort that will be published to the Recorded Future Platform
- Monitor and track developments within the malware threat landscape by following publications, blogs, and mailing lists
- Work on projects across multiple research teams, sometimes with tight deadlines
- Collaborate with a team of highly skilled analysts with expertise across many areas of cybersecurity and threat intelligence
What You’ll Bring to the Threat Intelligence Analyst role (Required):
- 2+ years of experience in Information Security and/or Threat Intelligence
- BA/BS or MA/MS degree; or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field
- Strong English writing ability, which will be assessed via a writing sample
- Excellent verbal communication, including the ability to convey complex technical and non-technical concepts to audiences of varying expertise
- Familiarity with analytic tradecraft, intelligence analysis, writing techniques, and research methodologies
- Proficiency conducting threat hunting, malware analysis, or reverse engineering for Windows, macOS, or Linux
- Experience writing and testing network and endpoint signature detections (YARA, Sigma, Snort)
- Practical experience using MITRE ATT&CK and the Diamond Model
- Knowledge of the Windows operating system and the Windows API
Highly Desirable Skills/Experience (not required):
- Scripting experience in Python, Go, Powershell, or Bash
- Programming experience in C, C++ or Java
- Working knowledge of network and malware analysis tools such as Wireshark, FakeNet, IDA, Ghidra, PeStudio, x32/64dbg, dnSpy, etc.
- Familiarity with cloud architecture, implementation, and security
Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and 8 of the top 10 Fortune 100 companies as clients.
Want more info?
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements
Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.
Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.