Promote Project

Principal Threat Intelligence Analyst

Promote Project, Somerville, Massachusetts, US, 02145


Location

Somerville, Massachusetts, United States

Salary

50000 - 100000 a year (US Dollars)

Description

Strategic and Persistent Threats, Insikt Group, Recorded Future

This Role:

As an analyst for Insikt Group’s Strategic and Persistent Threats (SPT) team, you will contribute to APT campaign tracking initiatives, support our Analyst on Demand service, mentor your colleagues on all things intrusion analysis, and represent Insikt Group’s research externally. This role supports proactive research and monitoring efforts into threat actor infrastructure, tools, and TTPs, as well as client-driven finished intelligence reports and requirements. Your research will be largely focused on state-sponsored threats emanating from China.

What You’ll Do:

- Synthesize multiple technical datasets to derive novel insights and reporting related to state-sponsored APT activity tied to China;
- Establish methods of tracking APT campaigns using a combination of network, intrusion, and malware analysis skills;
- Support the fulfillment of client priority intelligence requirements via Recorded Future’s Analyst on Demand service;
- Mentor your colleagues on intrusion analysis and threat intelligence best practices;
- Identify new datasets to ingest and propose new analytics that can be developed to improve and/or automate portions of the intelligence cycle;
- Serve as a subject matter expert on Chinese state-sponsored threat activity;
- Work with the Advanced Reversing, Malware, Operations, and Reconnaissance team to identify, prioritize, and deploy various detection mechanisms for command & control infrastructure, malware families, and threat actor groups of interest;
- Stay on top of developments within the APT threat landscape and track key developments by following publications, blogs, and mailing lists;
- Represent the SPT team’s research (emphasis on China state-sponsored research) externally to journalists and media (anonymously or otherwise) in collaboration with Recorded Future’s public relations team;
- Work with engineering and data science teams to ensure relevant data and analytics are correctly designed, developed, and deployed in the Recorded Future platform.

What You’ll Bring (Required):

- BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
- 6+ years of experience in Information Security and/or Threat Intelligence
- Demonstrable experience conducting technical threat analysis and research
- Demonstrable experience with structured analytical techniques, the intelligence cycle, and intelligence writing techniques and methodologies
- Proven expertise in clustering and tracking multiple state-sponsored activity groups using techniques such as the Diamond Model of Intrusion Analysis
- Scripting capabilities in Python (preferred), Go, C, C++, or Java
- Familiarity with platforms & software such as Maltego, Jupyter Notebook, the ELK Stack, and Excel, among other common cyber threat intelligence research platforms
- In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
- Experience working directly with clients
- Experience with open-source intelligence-gathering tools and techniques
- Excellent written and verbal communication; ability to convey complex technical and non-technical concepts
- Excellent interpersonal and teamwork skills; ability to work with globally distributed team members

Highly Desirable Skills/Experience (not required):

- MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
- Experience writing network and endpoint detection signatures
- Experience with Windows, iOS, Android, MacOS or malware analysis
- Proficiency in a high-priority foreign language: preference for Chinese, Russian, Farsi, or Korean.

Please mention the word TROPHY when applying to show you read the job post completely.

Job type:

Remote job

Tags

analyst, macos, security, python, technical, support, software, analytics, engineering
