Threat Intelligence Analyst, Cyber

Strategic and Persistent Threats, Insikt Group, Recorded Future

This Role:

As a Senior Threat Intelligence Analyst on Insikt Group's Strategic and Persistent Threats (SPT) team, you will lead efforts to track state-sponsored APT campaigns, mentor peers in intrusion analysis, represent Insikt Group's expertise externally, and support Recorded Future's Analyst-on-Demand service.

This role involves both proactive monitoring and in-depth research into threat actor infrastructure, tools, and TTPs, as well as the production of high-impact, client-driven finished intelligence. Your focus will be on state-sponsored cyber threats originating from beyond the traditional "Big Four" (China, Russia, Iran, North Korea), with an emphasis on actors operating in regions such as Asia, Europe, the Middle East, and emerging areas of strategic interest.

What You'll Do:

• Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting


• Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis


• Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts


• Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest


• Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision


• Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities


• Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices, fostering a culture of knowledge sharing and continuous development


• Collaborate with geopolitical and regional analysis teams to support cross-functional research


• Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle


• Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination


• Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform


• Support customer intelligence needs through Recorded Future's Analyst-on-Demand service

What You'll Bring (Required):

• BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field


• Preferably 5+ years of experience in Information Security and/or Threat Intelligence


• Demonstrated experience conducting technical threat analysis and research


• In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis


• Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation


• Experience with static and dynamic malware analysis, including family attribution and variant clustering


• Proficiency in scripting (Python preferred, or Go, C, C++, Java) and fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools


• Proven experience applying structured analytical techniques and intelligence methodologies to assess state-sponsored threat activity, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model


• Familiarity with threat modeling and adversary tracking frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and related models to support campaign clustering, detection development, and strategic reporting


• Detailed understanding of existing APT groups' past activities, TTPs, motivations, and targeting patterns


• Experience with open-source intelligence-gathering tools and techniques


• Experience working directly with customers, with strong written and verbal communication skills to clearly convey complex technical and non-technical concepts


• Strong interpersonal and teamwork skills, including working with globally distributed team members

Highly Desirable Skills/Experience (not required):

• MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field


• Experience writing network and endpoint detection signatures


• Experience with Windows, iOS, Android, macOS, or malware analysis


• Proficiency in a high-priority foreign language, with preference for Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish