ACE Team, Insikt Group, Recorded Future

This role: Recorded Future’s Insikt Group is looking for a seasoned cybercrime-focused senior threat analyst to focus on deep web investigations and operations. Among other activities, you’ll monitor cybercrime trends, activities, and methodology across multiple platforms including open-source reporting, darknet forums, and other platforms, as well as chat services and other direct communications. You will be engaged in both proactive research and in responding to requests from clients related to the deep web.

What you’ll do as a Threat Analyst:

• Create and devise new sourcing, collecting, and curating new data into the Recorded Future Platform
• Lead and direct finished intelligence products for Recorded Future Analyst on Demand clients 
• Write reports ranging from brief descriptions of threats and threat actors to detailed finished intelligence reports for clients and the general public
• Able to engage with threat actors on a long-term basis in order to obtain additional information beyond what has been posted publicly on forums and similar platforms
• Propose and oversee proactive reporting topics on cybercriminal-related TTPs and trends for internal and public consumption
• Represent Recorded Future professionally at conferences and events including, but not limited to, webinars, speaking engagements, client presentations, scoping calls, and internal and external media engagements
• Work collaboratively across internal teams to help enhance Recorded Future’s collection, sourcing, research, and reporting capabilities by mentoring more junior analysts

What you’ll bring as a Threat Analyst (required):

• 6+ years of professional experience in roles in cyber intelligence, cyber investigations, or other related disciplines
• Knowledge and experience with analytic tradecraft, the intelligence cycle, open-source intelligence gathering techniques, and strong intelligence writing skills, techniques, and methodologies
• Familiarity with legal and regulatory requirements for acquisition of digital information and the standards for collecting digital evidence under US Federal laws
• Significant experience conducting investigations and tracking campaigns on threat groups operating on the darknet with a focus on topics such as leaked databases and credentials, ransomware, DDoS operations, bot networks, criminal marketplaces and other current and emerging threats
• Deep knowledge and understanding of malicious tools and software used for cybercriminal activity and ability to track and trace groups using a wide range of telemetry.
• Knowledge of money laundering, fraud, and current cyber-enabled crime TTPs
• Firm knowledge and understanding of most computer operating systems, networking concepts and security fundamentals.
• Firm understanding of blockchain and cryptocurrencies technologies to include trades, transfers, tracking, maintaining, documentation and preservation
• Understanding of security best practices to maintain the anonymity of both yourself and Recorded Future while operating on dark web sources
• Ability to work well with others both senior and junior to yourself as part of a team working towards a unified goal

Additional skills/experience (preferred but not required):

• Foreign language proficiency: strong preference for Russian, Chinese, Farsi, or Southeast Asian languages
• BA/BS or MA/MS degree or equivalent experience in Computer Science, Computer engineering, Computer programming, Digital Forensics, or a related discipline
• Government, security or law enforcement experience
• Extensive knowledge of Hacktivist trends and activities
• Extensive knowledge or understanding of the links and relationships between cybercriminal, hacktivist, extremist, and nation-state operations and organizations
• Extensive knowledge of money laundering TTPs