Recorded Future: Sr. Russian Nation State Intelligence Analyst
363 Highland Avenue
Somerville, MA 02144



This Role: We are looking for a resourceful expert in Russian cyber attacks for our Insikt (Research) Group, working alongside with our highly skilled members and providing assistance in research of various cybercriminal activities. Day-to-day responsibilities will include monitoring of hacking communities, research leads-generation, criminal actors and malicious tools profiling as well as cyber-threat assessment. Ability to write high-quality intelligence assessments and briefings for a senior-level audience. Previous intelligence experience is required. Relocation assistance will be considered for exceptional candidates.

Responsibilities to include:

  • Use detailed technical knowledge of tools, tactics, and procedures (TTPs) of Russian threat actor groups such as APT28, 29, Turla, and others to identify opportunities for new research, collection, and the development of in-house analytics to benefit future research.
  • Develop tools and methods to identify Russian APT malware (i.e., Zebrocy, Neuron, Turla, CrashOverride) using retro hunting and advanced detection techniques in common malware multi-scanner repositories as well as within Recorded Future's exclusive collection.
  • Support other threat intelligence analysts to analyze malware associated with advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting.
  • Stay on top of developments within the malware landscape and track key developments by following publications, blogs, and mailing lists.
  • Perform network analysis of malicious infrastructure related to Russian APT campaigns.
  • Analyze malware used by Russian state-backed actors to identify leads for further analysis.
  • Develop network and host-based detection rules such as SNORT and Yara to detect APT campaigns in line with Insikt research goals.
  • Publish research on novel threats and research results.
  • Investigate potential links and overlaps between Russian APT campaigns and Russian language criminal threat actors and tools.

Required Skills/Experience:

  • BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, or a related field.
  • Demonstrable experience tracking Russian state threats over multiple years
  • Knowledge of TCP/IP
  • Demonstrable experience of conducting cyber threat investigations
  • Scripting experience in Python, Go, Powershell, or Bash
  • Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain
  • Ability to convey complex technical and non-technical concepts in verbal products & excellent writing skills are mandatory

Highly Desireable Skills/Experience:

  • 2 years+ experience in static and dynamic malware analysis
  • 2 years+ experience reverse engineering tools (Ida Pro, OllyDbg)
  • Knowledge of Windows operating system internals and the Windows API
  • Experience in analyzing both desktop and mobile malware
  • Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques
  • Basic knowledge of Russian and other CIS intelligence agencies, structures, and past targeting

Why should you join Recorded Future?
Theres a reason why over 90% of Fortune 100 Companies rely on us for their threat intelligence needs: our patented web intelligence engine has the ability to unlock insights that radically improve cyber threat visibility for our clients. Our dedication to empowering clients with intelligence to reduce risk has earned us a 4.7-star user rating from Gartner.

If youre full of passion, ambition, and dedication you may be well on your way to becoming a Futurist. From over 35 nationalities, our Futurists are the perfect recipe of humility, accountability, and collaborative attitudes to put our team at the front line of securing the internet. If you want to be a part of this awesome team, apply today!

Want more info? Check out the links below for more from the Recorded Future team, special guests, and our partners.
Blog & Podcast: Learn everything you want to know (and maybe some things youd rather not know) about the world of cyber threat intelligence
Instagram & Twitter: Whats happening at Recorded Future
Timeline: History of Recorded Future