Senior Cyber Threat Intelligence Analyst

KS or Anywhere, US.

Full Time Senior level / Expert
RiskIQ logo
Apply now Apply later

Posted 1 week ago

RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

We are looking for a Senior Cyber Intelligence Analyst to join our i3 team. This position can be based at our office in Lenexa, KS or remotely anywhere in the US. 

The Role
The Incident Investigations and Intelligence (i3) Program within RiskIQ is built to oversee managed services of the External Threats Product workspaces for clients and the Executive Guardian product workspaces for clients. Executive Guardian is designed to protect C-Suite and high net worth individuals from physical threats, exposures of Personally Identifiable Information (PII), and instances of social media account impersonation thereby safeguarding the individual, their reputation, family, and by extension, the company. External Threats protects clients from phishing attacks, domain infringement, mobile app impersonation, social & brand impersonation, and data leakage. The i3 Senior Cyber Intelligence Analyst (SCIA) is responsible for leading time sensitive, TLP:Red level cyber investigations while working with a team of intelligence analysis professionals. Additionally, the SCIA will analyze advanced, targeted instances of phishing and impersonation of domain, social media and brand as well as data leaks to provide deeper intelligence around infrastructure, threat actors and groups (APTs), and provide finished intelligence to clients while also working with clients to better understand how to derive intelligence out of the RiskIQ platform. The SCIA will also oversee and participate in the production and dissemination of time-sensitive cyber threat analysis relevant to the security of clients, their corporate assets and operations. The SCIA is technically proficient and is able to lead the team as a strong individual contributor when needed. The SM must be proactive, consultative, and business-minded using both available open source and proprietary data sets to confidently develop technical and innovative solutions in response to client needs, and to attribute virtual threat actors with their actions as threats arise. This is a high visibility, client facing role with opportunity for growth within RiskIQ.


  • Effectively lead cyber investigations around events surfaced in the RiskIQ platform looking for relevant threat
    actor infrastructure, IOCs, and TTPs
  • Advise stronger configuration of technical collection in the ET and EG platforms to identify data on the web
    in accordance with client security expectations
  • Maintain and review complex detection logic and offer tuning suggestions based on the quality/volume of
  • Review and appropriately escalate detections based on the urgency of the discovered data/threat
  • Collaborate with i3 analysts working in the EG and ET platforms to conduct security/threat investigations into
    threat actors and their activities world-wide, using industry tools and proprietary information to attribute
    threat actors
  • Assist in the production and review of threat analysis for dissemination to consumers on the safety and
    security of clients, assets and operations, including threat profiles, impact assessments and mitigation
  • Ensure clear, concise and timely responses to requests for information (RFI) from clients
  • Include solution-oriented recommendations in all analyses, as appropriate
  • Identify opportunities to predict and prevent future security issues and/or incidents via analytic trends
  • Collaborate with client security teams to constantly improve analytic standards, workflows, and success
    metrics and develop/improve analytic and technical products as appropriate
  • Collaborate with RiskIQ Legal and Engineering teams to ensure appropriate mitigation of identified risks


  • Bachelor's degree required; Masters preferred
  • Professional Experience in Cyber Threat Intelligence best practices to include identification of IOC types,
    TTPs, indicator pivoting, and indicator attribution strength
  • Technical skill proficiency in network communications (TCP/IP, OSI Model), malware
    analysis(communication/installation/behavior) and computer network defense operations
  • Familiarization with social media investigative tools with exceptional research skills around online behaviors
    and attribution of online threat actors
  • Technical proficiency with open source intelligence(OSINT) research tools
  • Strong written and verbal communication skills
  • Experience managing multiple projects, and the ability to flex quickly as required by evolving corporate
  • Technical proficiency with applications such as Crowdstrike, Splunk, Maltego, PassiveTotal®
  • Familiarity with Threat Models such as MITRE ATT&CK® , Diamond Model and Cyber Kill Chain®
  • Ability to function as a strong individual contributor using technical cybersecurity/threat intelligence skills
  • Understanding of investigative analysis, and communicating findings to consumers
  • Proficient knowledge in any of the following: JavaScript, SQL, Regex and/or Python3
  • Approximately 5-20% global travel required
    Desired Experience
  • Previous cyber-investigations or US intelligence community targeting experience highly preferred
  • Advanced knowledge of JavaScript, SQL, Regex and/or Python a plus
  • Ability to obtain a US Security Clearance

Why work at RiskIQ?

  • Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ’s ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams around the world. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
  • We’re a company on the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2018, including a 362.5 percent increase in net new product sales due to the steady adoption of attack surface management across the world. We also experienced a 365 percent increase in registration for RiskIQ community, our freemium entry-level product, showing the increasing role of security outside the firewall to the growth of businesses.
  • Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced with a track record in technology and cybersecurity.
  • Unbounded opportunity - We’re growing! At RiskIQ, you’ll be provided with as much responsibility as you can handle—new career development opportunities constantly arise given our rate of growth.
  • Flexibility - You’ll have a large workload, but also the freedom to accomplish it on your own terms.
Job tags: Analytics C Clearance Firewall JavaScript Malware Open Source Python Security Clearance Splunk TCP/IP Threat intelligence TTPs
Job region(s): North America Remote/Anywhere
Share this job: