Recorded Future

Senior Threat Intelligence Analyst – Russia APT Focus

Recorded Future

full-time

Posted on:

Origin:  • 🇺🇸 United States • Massachusetts, Virginia

Visit company website
AI Apply
Manual Apply

Salary

💰 $127,000 - $160,000 per year

Job Level

Senior

Tech Stack

AndroidCyber SecurityGoiOSJavaMacOSPythonTCP/IP

About the role

  • Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting
  • Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis
  • Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts
  • Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest
  • Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision
  • Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities
  • Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices
  • Collaborate with geopolitical and regional analysis teams to support cross-functional research
  • Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle
  • Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination
  • Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform
  • Support customer intelligence needs through Recorded Future’s Analyst-on-Demand service

Requirements

  • BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
  • Preferably 5+ years of experience in Information Security and/or Threat Intelligence
  • Demonstrated experience conducting technical threat analysis and research
  • In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
  • Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation
  • Experience with static and dynamic malware analysis, including family attribution and variant clustering
  • Proficiency in scripting (Python preferred, or Go, C, C++, Java)
  • Fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools
  • Proven experience applying structured analytical techniques and intelligence methodologies, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
  • Familiarity with MITRE ATT&CK, the Cyber Kill Chain, and related models
  • Detailed understanding of existing APT groups’ past activities, TTPs, motivations, and targeting patterns
  • Experience with open-source intelligence-gathering tools and techniques
  • Experience working directly with customers, with strong written and verbal communication skills
  • Strong interpersonal and teamwork skills, including working with globally distributed team members
  • Preferred: MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
  • Preferred: Experience writing network and endpoint detection signatures
  • Preferred: Experience with Windows, iOS, Android, macOS, or malware analysis
  • Preferred: Proficiency in a high-priority foreign language (Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish)