Senior Emerging Threat Intelligence Analyst

We are seeking a uniquely talented individual who combines the technical acumen of a Cyber Threat Hunter with the expressive skills of a Technical Writer to work as an Emerging Threat Intelligence Analyst. This individual will be a critical component of Recorded Future’s Insikt Group, and will be a point person for cross-team collaboration both throughout Insikt Group as well as with Recorded Future’s Attack Surface Intelligence Quick Reaction Team (QRT). This individual will aid in the identification, assessment, and communication of new and emergent threats in the cybersecurity landscape, specifically vulnerability intelligence and detection.

Responsibilities

• Vulnerability Analysis: You are tasked with the prompt identification, thorough analysis, and comprehensive assessment of emerging cybersecurity threats, specifically recently disclosed or exploited vulnerabilities. Your technical prowess will be crucial in ensuring our preparedness for potential risks and understanding the implications of prompt and thorough analysis of high-impact vulnerabilities. 
• Threat Analysis: You are tasked with the production and review of intelligence summaries accessible to all Recorded Future clients. These summaries will detail a variety of cyber threat events, including recent cyber attacks and adjustments in known threat groups’ tactics, techniques, and procedures (TTPs).
• Technical Authorship: Utilizing your skill in making complex concepts accessible, you will convert intricate technical insights into engaging and easily understandable blog posts, client disclosures, and Insikt Notes. Each publication should comprehensively address the nature of the threat, its potential impact, suggested mitigation strategies, and a succinct summary for quick referencing.
• Detection Engineering: Design and develop Nuclei templates for vulnerability scanning, ensuring these templates are tailored to detect new and emerging vulnerabilities efficiently. Develop custom lab environments and proof-of-concept code based on specific vulnerability signatures and behaviors. Maintain an up-to-date repository of these templates, and continually refine them to improve detection accuracy and performance. This involves creating test cases, simulating attack scenarios, and verifying that the templates correctly identify vulnerabilities without producing false positives.
• Research Collaboration: You will partner with teams within Insikt Group to augment our collective understanding of emergent threats and vulnerabilities. This collaborative exploration will subsequently inform and enhance our proactive protective measures.
• Cross-team Collaboration: You will be responsible for working on projects across multiple research teams within Insikt Group and QRT with weekly content production and tight deadlines. 
• Detailed Documentation: Your role involves meticulous record-keeping, noting intricate details of identified vulnerabilities, methodologies of discovery, and potential implications. This comprehensive record aids in understanding the nature of threats and planning appropriate responses.
• Continual Professional Development: Stay abreast of the latest advancements in cybersecurity trends, threat tactics, and research methodologies, ensuring our collective knowledge remains current and comprehensive.

Qualifications

• A degree in Cybersecurity, Computer Science, Information Technology, or a related discipline.
• A minimum of 3 years of substantial experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment.
• A solid grasp of fundamental cybersecurity principles, attack trajectories, and techniques for vulnerability analysis.
• Demonstrable experience researching and analyzing new cyber threats across either a) multiple industries or b) multiple timeframes (e.g., both weekly and quarterly)
• Demonstrable experience deploying known vulnerable infrastructure within a lab environment for analysis.
• Demonstrable experience creating and authoring Nuclei templates for vulnerability identification and validation.
• Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain
• Practical experience with network and web application penetration testing tools such as, Burp Suite, NMap, Fiddler, and Wireshark
• Familiarity with and use of common cyber threat intelligence tools such as DomainTools, VirusTotal, SHODAN, etc.
• Demonstrable experience in technical writing, showcasing an ability to translate complex technical concepts into engaging, reader-friendly content.
• Demonstrably strong writing ability, to be assessed via a writing sample
• A meticulous attention to detail, underscoring a commitment to accuracy and thoroughness in all aspects of work.
• Capable of functioning effectively within a team as well as independently.

Preferred but not required:

• Relevant industry certifications such as OSCP, OSWA, GWAPT, Pentest+, or equivalent.
• Familiarity with scripting and programming languages such as YAML, Python, Golang, Javascript, C, etc. 
• Prior experience within a quick reaction or incident response team environment.
• Practical experience with malware detections, including YARA, Sigma, and Snort