This Role: New and Emerging Threats (NETs) is a subteam of Insikt Group’s Advanced Reversing, Malware, Operations, and Reconnaissance (ARMOR) team. Our team vision is to highlight novel and emerging tactics, techniques, and procedures (TTPs) used by threat actors while helping Recorded Future clients better detect and respond to such threats.

As a threat intelligence analyst for Insikt Group’s NETs team, your responsibilities will fall into 3 categories: research, analysis, and authoring of client RFIs; research, review, and publication of Insikt Group Notes to the Recorded Future Platform; and malware analysis resulting in the creation of detections (YARA, Sigma, Snort).

This role supports finished intelligence reports on topics such as malware and offensive security tooling, vulnerabilities, cloud security, and TTP trends. Previous research experience is required.

What You’ll Do As Threat Intelligence Analyst:

• Author, review, and deliver finished intelligence reports that address clients’ priority intelligence requirements (PIRs) across a broad range of cyber threat activity topics
• Engage with clients across a report’s lifecycle: initial scoping, finished intelligence delivery, and follow-up review or support
• Author, review, and publish content to the Recorded Future Platform in the form of Insikt Group Notes
• Analyze malware and create effective detections using YARA, Sigma, or Snort that will be published to the Recorded Future Platform
• Monitor and track developments within the malware threat landscape by following publications, blogs, and mailing lists
• Work on projects across multiple research teams, sometimes with tight deadlines
• Collaborate with a team of highly skilled analysts with expertise across many areas of cybersecurity and threat intelligence

What You’ll Bring to the Threat Intelligence Analyst role (Required):

• 2+ years of experience in Information Security and/or Threat Intelligence
• BA/BS or MA/MS degree; or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field
• Strong English writing ability, which will be assessed via a writing sample
• Excellent verbal communication, including the ability to convey complex technical and non-technical concepts to audiences of varying expertise
• Familiarity with analytic tradecraft, intelligence analysis, writing techniques, and research methodologies
• Proficiency conducting threat hunting, malware analysis, or reverse engineering for Windows, macOS, or Linux
• Experience writing and testing network and endpoint signature detections (YARA, Sigma, Snort)
• Practical experience using MITRE ATT&CK and the Diamond Model
• Knowledge of the Windows operating system and the Windows API

Highly Desirable Skills/Experience (not required):

• Scripting experience in Python, Go, Powershell, or Bash
• Programming experience in C, C++ or Java
• Working knowledge of network and malware analysis tools such as Wireshark, FakeNet, IDA, Ghidra, PeStudio, x32/64dbg, dnSpy, etc.
• Familiarity with cloud architecture, implementation, and security