Threat Intelligence Analyst

Why it’s worth it:

The ReliaQuest Threat Intelligence team provides timely, comprehensive intelligence that empowers high-fidelity detections, identifies known and emerging threats, and equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter, we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques, and procedures. Beyond this, we act as a thought leader in cybersecurity by offering original insights that highlight our expertise in detecting, containing, investigating, and responding to adversaries. If you thrive in a high-performance environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace.

The everyday hustle:

1. Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry.
2. Maintain the GreyMatter platform’s threat intelligence library by writing timely, accurate, and relevant customer-facing deliverables covering threat actors, vulnerabilities, campaigns, and malware.
3. Supply intelligence to internal teams to enrich our threat detection, containment, investigation, and response capabilities.
4. Conduct investigations to support fast-turnaround and long-form customer requests for information, including in incident response scenarios.
5. Publish emergency customer advisories to alert on impactful developments requiring immediate action.
6. Carry out research and operations on the clear, deep, and dark web, including active threat actor elicitations.
7. Propose and author extended original research projects to strengthen ReliaQuest as a trusted voice and leader within the threat intelligence community.
8. Act as a trusted technical advisor to customers in ad hoc meetings and regular business reviews, understanding their unique environment and challenges to optimize their cyber resiliency.

Do you have what it takes?

1. 3-4 years’ experience of working in cybersecurity and/or cyber threat intelligence.
2. A relevant bachelor’s degree (e.g., languages, computer science, cybersecurity, international relations, political science), equivalent education, or appropriate professional experience.
3. Knowledge of cyber adversary tactics, techniques, and procedures (TTPs).
4. Proficiency in conducting technical and tactical investigations into atomic IOCs, threat actor methodologies, malware, and vulnerabilities.
5. Familiarity with the intelligence cycle, structured analytical techniques, and appropriate analytical frameworks (including Cyber Kill Chain, Diamond Model, MITRE ATT&CK).
6. Capacity to read security logs and code to understand the content and context.
7. Strong analytical skills, a demonstrated writing ability, and excellent verbal communication.
8. Experience working in online intelligence investigations and analysis, including strong OSINT skills.
9. Ability to deliver at pace, find solutions, and adapt in a constantly evolving organization.

What makes you uncommon?

1. Understanding of cybersecurity and IT disciplines including networking, operating systems, authentication protocols, security incident response, and enterprise technical security solutions (SIEM, IDS/IPS, firewall solutions, offensive security tools).
2. Basic knowledge of Linux/Unix operating systems.
3. Certifications such as Network+, Security+, CySA+.
4. Experience with scripting or programming, including malware reverse engineering.
5. Professional-level foreign language skills, preferably Russian, Farsi, or Chinese.
6. Data or statistical analysis skills.
7. Familiarity with open, deep, and dark web cybercriminal marketplaces and forums.
8. Experience of online HUMINT operations and/or social engineering techniques.