Senior Threat Intelligence Researcher

Summary

Join Anomali's growing Intelligence team as a Senior Threat Intel Researcher. Lead efforts to track, analyze, and classify data from cybercriminal underground ecosystems. Uncover actionable threat intelligence to support Anomali's product evolution. This research-focused role requires deep cyber threat intelligence experience and independent work in a fast-paced environment. You will collaborate with internal teams to integrate findings into cutting-edge security solutions. The ideal candidate is technically proficient and highly motivated.

Requirements

• Obtain a Bachelor’s degree or have an additional 3 years of experience in Cybersecurity, Computer Science, Data Science, Intelligence Studies, or relevant work, in lieu of degree
• Have 4+ years of professional experience in cyber threat intelligence, open-source intelligence, or information security
• Demonstrate the proven ability to design, implement, and interact with RESTful and other API types for data retrieval and integration
• Possess a deep understanding of technical terminology, tools, and tactics used by state-backed and cybercriminal adversaries
• Have experience navigating and analyzing large, unstructured datasets
• Possess comprehensive knowledge of operational security (OPSEC) principles and best practices
• Demonstrate the ability to work collaboratively in a remote team environment across different time zones
• Must not now, or in the future, require visa sponsorship to work in the US

Responsibilities

• Conduct proactive investigations into cybercriminal underground economies, hidden sites, and forums of interest to identify emerging threats
• Identify emerging operations and trends by conducting extensive research into cyber, physical, and information-related threat activity. Provide actionable communications, countermeasures, and recommendations for decision-makers with minimal oversight
• Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze cyber threat data from various sources to extract relevant and timely indicators for near real-time sharing
• Implement data analysis practices to assess trends and patterns in cyber, physical, and information operations networks, aiding in the determination of potential and expected impacts
• Conduct in-depth analysis of malicious and suspicious code to understand the nature of threats and extract unique attributes for proactive defense
• Identify, monitor, track, and catalog threat actors, their ideologies, and tactics by leveraging commercial and open-source intelligence collection tools
• Generate briefing materials, written products, and simple graphics to convey analysis verbally and in writing to key stakeholders
• Lead the acquisition, monitoring, and analysis of raw data, turning unstructured information into actionable intelligence
• Design, implement, and maintain tools and services for secure data collection, extraction, and analysis
• Apply and refine secure operational tradecraft principles to ensure the integrity of research operations
• Work with cross-functional teams, including Intelligence, Product, and Engineering, to integrate research findings into Anomali’s platform
• Develop and utilize APIs for system integration and advanced data retrieval to enhance Anomali’s intelligence capabilities

Preferred Qualifications

• Have additional language expertise (e.g., Russian, Mandarin, Spanish, Farsi, Arabic, Japanese, French)
• Have a background in the intelligence community or cyber threat intelligence research
• Demonstrate engagement in the security or academic research communities, or open-source software development
• Have formal intelligence analysis training
• Possess familiarity with building and deploying tools for internal use by research teams
• Have certifications in related areas (e.g., GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.)
• Possess basic knowledge of programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL)