Senior Identity Intelligence Analyst

Summary

Join Red Canary's Intelligence Team as a key contributor in in-depth threat analysis. Investigate raw telemetry, analyze threats, and conduct open-source research to associate activity with known adversaries, focusing on identity-based threat actors and cloud-targeted TTPs. Collaborate with internal and external teams, produce actionable intelligence reports, and define new threat clusters. Communicate unique trends and noteworthy threat actor TTPs through blogs and presentations. Stay updated on emerging threats, suggest workflow improvements, and support customers in understanding and responding to their specific threat models. This role requires strong collaboration, outstanding communication, and experience in open-source threat research. Even if you don't meet every requirement, we encourage you to apply.

Requirements

• Experience with, or a drive to research, cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces, and cloud attack techniques or cloud-based threat groups
• Proficiency in analytical problem-solving, quick learning of tools, and familiarity with query languages and data platforms like SQL, Splunk, Elasticsearch, Synapse Storm, or others
• Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information
• Experience in open-source threat research, including social media, blog posts, and malware sandboxes
• Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting. Familiarity with the mechanics of attack behaviors and MITRE ATT&CK ®
• Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters
• Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike
• Experience in Intelligence, Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles
• Curiosity and adaptability to dive into data, tackle new challenges, and thrive in a fast-paced environment

Responsibilities

• Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces
• Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions. Work with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale
• Conduct open and closed source research to associate suspicious activity with known threats and to communicate threats of concern to our customers. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more
• Process and analyze patterns and trends in detections and write actionable intelligence products to track TTPs, detection coverage, and remediation strategies
• Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base
• Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community
• Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration
• Respond to customer questions about threats to help them understand their threat model, what matters to their organization, and what actions they can take in response to various threats
• Validate Red Canary’s detection coverage against the continuously evolving threat landscape and identify unique or emerging threats to build detection coverage for
• Mentor team members and contribute to the development of intelligence analysis expertise. Suggest new methods, processes, and products that the team could adopt to help us achieve our mission and improve our workflows

Benefits

• 100% Paid Premiums: Red Canary offers a 100% paid plan option for medical, dental and vision for you and your dependents. No waiting period
• Health & Wellness - Access to mental health services, Employee Assistance Program and additional programs to incentivize healthy habits
• Fertility Benefits: All new hires are eligible for benefits as of their first day
• Flexible Time Off: Take the time you need to recharge including vacation, sick, bereavement, jury duty, and holidays
• Paid Parental Leave- Full base pay to bond/care for your new child
• Pre-Tax Plans - Red Canary offers a variety of plans to fit you and your dependent specific needs including FSA, HRA and HSA, with employer funding to offset out of pocket health care expenses
• Flexible Work Environment- With 60% remote workforce, Canaries can work virtually from almost anywhere in the US
• Bonus program eligibility
• Stock options eligibility