Threat Hunt Intelligence Analyst - Black Lotus Labs

Black Lotus Labs is looking for a Senior Lead Security Engineer to leverage Lumen's visibility to hunt Advanced Persistent Threat (APT) actors and scale the discovery of evolving malicious threats. Our global visibility over one of the world's largest IP backbones and our computing clusters provide exciting opportunities to integrate machine learning and graph analytics to find new threats across the internet. Black Lotus Labs has a history of detecting and disrupting key threats at an internet scale.
This role involves working with security researchers, data engineers, and malware reverse engineers, mentoring analysts, engineers, and data scientists to address evolving threats using technologies like Hadoop (HBase, HDFS, Spark, Kafka, AirFlow), Elasticsearch, Redis, Docker, malware environments, and honeypots.
This is a remote, work-from-home position with opportunities to expand our global team to better protect critical networks worldwide.

• Research the latest attacker tools, techniques, and procedures (TTPs) to automate detection.
• Analyze attacks using network, forensic, and OSINT methods.
• Develop tactical solutions for triage and analysis of malicious artifacts.
• Conduct network and malware analysis to identify malicious activities and derive Indicators of Compromise (IOCs) and detection rules.
• Collaborate with the team to analyze evolving threats, leveraging data science tools like machine learning and graph analytics.
• Prioritize threats and allocate analysis time effectively.
• Build trust with other intelligence groups, law enforcement, and external partners.
• Serve as the point-of-contact in a rotational cycle for research event triage.
• Create and share cyber threat intelligence products and briefings.
• Overlap at least 10 hours weekly with US working hours.

Ideal candidates will have:

• Deep technical knowledge of adversary capabilities, infrastructure, and techniques for threat discovery and tracking.
• Experience with OSINT for threat investigation, including malware repositories.
• Scripting skills in Python and familiarity with distributed computing.
• Extensive experience hunting threat actors and developing algorithms for large data set analysis.
• Knowledge of network-based threats and behavior analysis without payloads.
• Strong analytical skills and quick adaptability to new tools and methods.
• Experience in Unix-based environments and SQL data extraction.
• Excellent writing skills for public sharing of knowledge.
• Knowledge of cybersecurity concepts, network protocols, firewalls, IDS/IPS, email security, endpoint security, malware analysis, threat intelligence, and cloud security.

Additional desirable skills include:

• Experience with Spark, distributed computing, law enforcement collaboration.
• Development of automation and analysis tools in Python.
• Malware static/dynamic analysis skills.
• Ability to analyze large data sets and communicate findings.
• Team collaboration and mentorship abilities.

Preferred qualifications include:

• Knowledge of machine learning applications in cybersecurity.
• Public speaking experience and willingness to share technical knowledge publicly.

This reflects the estimated salary range based on location, skills, and experience. Pay varies by state and individual factors.

Location-based ranges:

$129,639 - $190,137 in certain states, $136,121 - $199,643 in others, and $142,603 - $209,150 in additional states.

Lumen offers comprehensive benefits and perks to support your wellbeing. Additional questions about bonuses and incentives can be addressed during the hiring process.