Threat Intelligence Analyst

Remote · Mid-level
🇺🇸 United States

Threat Intelligence Analyst, Cybercrime

ACE Team, Insikt Group, Recorded Future

This role: Recorded Future’s Insikt Group seeks a mid-level cybercrime-focused Threat Intelligence Analyst with 3+ years of experience to focus on criminal investigations and operations. Among other activities, you’ll monitor cybercrime trends, activities, and methodologies across multiple source types, including open-source reporting, criminal sources (forums, marketplaces, shops, among others), and chat and other direct communication platforms. You will be engaged both in proactive research and in responding to requests from clients related to cybercriminality.

What you’ll do:

  • Create and devise new methods for sourcing, collecting, and curating new data into the Recorded Future Platform.
  • Write reports ranging from brief descriptions of threats and threat actors to detailed finished intelligence reports for clients and the general public.
  • Engage with threat actors on a long-term basis to obtain additional information beyond what has been posted publicly on forums and similar platforms.
  • Propose and oversee proactive reporting topics on cybercriminal-related TTPs and trends for internal and public consumption.
  • Work collaboratively across internal teams to help enhance Recorded Future’s collection, sourcing, research, and reporting capabilities by mentoring more junior analysts.
  • Represent Recorded Future professionally at conferences and events including, but not limited to, webinars, speaking engagements, client presentations, scoping calls, and internal and external media engagements.

What you’ll bring (required):

  • 3+ years of professional experience in roles in cyber intelligence, cyber and fraud investigations, or casework in other related disciplines.
  • Knowledge of and experience with analytic tradecraft, the intelligence cycle, and open-source intelligence-gathering techniques, plus strong intelligence writing skills, techniques, and methodologies.
  • Familiarity with legal and regulatory requirements for acquisition of digital information and the standards for collecting digital evidence under US Federal laws.
  • Experience conducting investigations and tracking campaigns on threat groups operating on criminal and clearnet sources, focusing on topics such as leaked databases and credentials, ransomware, DDoS operations, criminal marketplaces, and other current and emerging threats.
  • Knowledge and understanding of malicious tools and software used for cybercriminal activity and the ability to track and trace threat groups using a wide range of telemetry.
  • Knowledge of money laundering, fraud, and current cyber-enabled crime TTPs.
  • Knowledge and understanding of most computer operating systems, networking concepts, and security fundamentals.
  • Understanding of blockchain and cryptocurrency technologies, including trades, transfers, tracking, maintenance, documentation, and preservation.
  • Ability to apply operational security (OPSEC) best practices to maintain the anonymity of yourself and Recorded Future while operating on criminal sources.
  • Ability to work well as part of a team working towards a unified goal.
  • Strong time management skills for balancing day-to-day expectations with proactive research.

Additional skills/experience (preferred but not required):

  • Foreign language proficiency: strong preference for Russian, Chinese, Farsi, Arabic, or Southeast Asian languages.
  • BA/BS or MA/MS degree or equivalent experience in Computer Science, Computer Engineering, Computer Programming, Digital Forensics, or a related discipline.
  • Government, security, or law enforcement experience.
  • Knowledge of hacktivist trends and activities.
  • Knowledge or understanding of the links and relationships between cybercriminal, hacktivist, extremist, and state-sponsored operations and organizations.
  • Knowledge of money laundering TTPs and experience transacting in cryptocurrencies.
  • Familiarity with malware analysis, campaign infrastructure, and interpreting larger datasets.

Recorded Future

Largest provider of enterprise security intelligence, transforming security programs from reactive to risk-based.
