$120K - 180K a year
Conduct proactive research and analysis on state-sponsored APT activity, develop detection mechanisms, mentor colleagues, collaborate with cross-functional teams, and support customer intelligence needs.
5+ years in Information Security or Threat Intelligence with experience in technical threat analysis, malware analysis, scripting, CTI research tools, and knowledge of threat frameworks and models.
Description:
• Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting
• Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis
• Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts
• Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest
• Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision
• Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities
• Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices
• Collaborate with geopolitical and regional analysis teams to support cross-functional research
• Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle
• Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination
• Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform
• Support customer intelligence needs through Recorded Future’s Analyst-on-Demand service

Requirements:
• BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
• Preferably 5+ years of experience in Information Security and/or Threat Intelligence
• Demonstrated experience conducting technical threat analysis and research
• In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
• Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation
• Experience with static and dynamic malware analysis, including family attribution and variant clustering
• Proficiency in scripting (Python preferred, or Go, C, C++, Java)
• Fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools
• Proven experience applying structured analytical techniques and intelligence methodologies, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
• Familiarity with MITRE ATT&CK, the Cyber Kill Chain, and related models
• Detailed understanding of existing APT groups’ past activities, TTPs, motivations, and targeting patterns
• Experience with open-source intelligence-gathering tools and techniques
• Experience working directly with customers, with strong written and verbal communication skills
• Strong interpersonal and teamwork skills, including working with globally distributed team members
• Preferred: MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
• Preferred: Experience writing network and endpoint detection signatures
• Preferred: Experience with Windows, iOS, Android, macOS, or malware analysis
• Preferred: Proficiency in a high-priority foreign language (Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish)

Benefits:
• This position may be eligible for incentive compensation, equity, and medical, dental, vision, life insurance and 401K.
• Your recruiter can share more about the specific details of the compensation and benefit package during the hiring process.
This job posting was last updated on 9/10/2025