Senior Emerging Threat Intelligence Analyst

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,800 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

We are seeking a uniquely talented individual who combines the technical acumen of a Cyber Threat Hunter with the expressive skills of a Technical Writer to work as an Emerging Threat Intelligence Analyst. This individual will be a critical component of Recorded Future’s Insikt Group, and will be a point person for cross-team collaboration both throughout Insikt Group as well as with Recorded Future’s Attack Surface Intelligence Quick Reaction Team (QRT). This individual will aid in the identification, assessment, and communication of new and emergent threats in the cybersecurity landscape, specifically vulnerability intelligence and detection.

Responsibilities

• Vulnerability Analysis: You are tasked with the prompt identification, thorough analysis, and comprehensive assessment of emerging cybersecurity threats, specifically recently disclosed or exploited vulnerabilities. Your technical prowess will be crucial in ensuring our preparedness for potential risks and understanding the implications of prompt and thorough analysis of high-impact vulnerabilities. 
• Threat Analysis: You are tasked with the production and review of intelligence summaries accessible to all Recorded Future clients. These summaries will detail a variety of cyber threat events, including recent cyber attacks and adjustments in known threat groups’ tactics, techniques, and procedures (TTPs).
• Technical Authorship: Utilizing your skill in making complex concepts accessible, you will convert intricate technical insights into engaging and easily understandable blog posts, client disclosures, and Insikt Notes. Each publication should comprehensively address the nature of the threat, its potential impact, suggested mitigation strategies, and a succinct summary for quick referencing.
• Detection Engineering: Design and develop Nuclei templates for vulnerability scanning, ensuring these templates are tailored to detect new and emerging vulnerabilities efficiently. Develop custom lab environments and proof-of-concept code based on specific vulnerability signatures and behaviors. Maintain an up-to-date repository of these templates, and continually refine them to improve detection accuracy and performance. This involves creating test cases, simulating attack scenarios, and verifying that the templates correctly identify vulnerabilities without producing false positives.
• Research Collaboration: You will partner with teams within Insikt Group to augment our collective understanding of emergent threats and vulnerabilities. This collaborative exploration will subsequently inform and enhance our proactive protective measures.
• Cross-team Collaboration: You will be responsible for working on projects across multiple research teams within Insikt Group and QRT with weekly content production and tight deadlines. 
• Detailed Documentation: Your role involves meticulous record-keeping, noting intricate details of identified vulnerabilities, methodologies of discovery, and potential implications. This comprehensive record aids in understanding the nature of threats and planning appropriate responses.
• Continual Professional Development: Stay abreast of the latest advancements in cybersecurity trends, threat tactics, and research methodologies, ensuring our collective knowledge remains current and comprehensive.

Qualifications

• A degree in Cybersecurity, Computer Science, Information Technology, or a related discipline.
• A minimum of 3 years of substantial experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment.
• A solid grasp of fundamental cybersecurity principles, attack trajectories, and techniques for vulnerability analysis.
• Demonstrable experience researching and analyzing new cyber threats across either a) multiple industries or b) multiple timeframes (e.g., both weekly and quarterly)
• Demonstrable experience deploying known vulnerable infrastructure within a lab environment for analysis.
• Demonstrable experience creating and authoring Nuclei templates for vulnerability identification and validation.
• Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain
• Practical experience with network and web application penetration testing tools such as, Burp Suite, NMap, Fiddler, and Wireshark
• Familiarity with and use of common cyber threat intelligence tools such as DomainTools, VirusTotal, SHODAN, etc.
• Demonstrable experience in technical writing, showcasing an ability to translate complex technical concepts into engaging, reader-friendly content.
• Demonstrably strong writing ability, to be assessed via a writing sample
• A meticulous attention to detail, underscoring a commitment to accuracy and thoroughness in all aspects of work.
• Capable of functioning effectively within a team as well as independently.

Preferred but not required:

• Relevant industry certifications such as OSCP, OSWA, GWAPT, Pentest+, or equivalent.
• Familiarity with scripting and programming languages such as YAML, Python, Golang, Javascript, C, etc. 
• Prior experience within a quick reaction or incident response team environment.
• Practical experience with malware detections, including YARA, Sigma, and Snort

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Want more info? 
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles.  By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com 

Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.

Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.

Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.