Senior Threat Intelligence Analyst - Team Lead, Cybercrime 

ACE Team, Insikt Group, Recorded Future

This role: Recorded Futures Insikt Group seeks a senior-level cybercrime-focused Threat Intelligence Analyst with 5+ years of experience to focus on criminal investigations and operations. Among other activities, youll monitor cybercrime trends, activities, and methodologies across multiple criminal source types, including open-source reporting, criminal source types (forums, marketplace, shops, among others), and chat and other direct communication platforms. You will be engaged in both proactive research and in responding to requests from clients related to cybercriminality.

What youll do:

• Lead a small team of cybersecurity professionals (four), including day-to-day delegations, client-facing and public reporting fulfillment, and ensuring quarterly OKRs are achieved.
• Collaborate with senior leadership to develop team strategies, develop analysts, and fulfill needs and resources. 
• Create and devise new sourcing, collecting, and curating new data into the Recorded Future Platform.
• Write reports ranging from brief descriptions of threats and threat actors to detailed finished intelligence reports for clients and the general public.
• Able to engage with threat actors on a long-term basis to obtain additional information beyond what has been posted publicly on forums and similar platforms
• Propose and oversee proactive reporting topics on cybercriminal-related TTPs and trends for internal and public consumption.
• Work collaboratively across internal teams to help enhance Recorded Futures collection, sourcing, research, and reporting capabilities by mentoring more junior analysts.
• Represent Recorded Future professionally at conferences and events including, but not limited to, webinars, speaking engagements, client presentations, scoping calls, and internal and external media engagements.

What youll bring (required):

• 5+ years of professional experience in roles in cyber intelligence, cyber and fraud investigations, or casework in other related disciplines.
• Leadership experience in leading and developing small teams to achieve team goals.
• Familiarity with collaborating with senior leadership on developing out strategy and building upon team goals.
• Knowledge and experience with analytic tradecraft, the intelligence cycle, open-source intelligence-gathering techniques, and strong intelligence writing skills, techniques, and methodologies
• Familiarity with legal and regulatory requirements for acquisition of digital information and the standards for collecting digital evidence under US Federal laws
• Experience conducting investigations and tracking campaigns on threat groups operating on criminal and clearnet sources, focusing on topics such as leaked databases and credentials, ransomware, DDoS operations, criminal marketplaces, and other current and emerging threats.
• Knowledge and understanding of malicious tools and software used for cybercriminal activity and the ability to track and trace threat groups using a wide range of telemetry.
• Knowledge of money laundering, fraud, and current cyber-enabled crime TTPs.
• Knowledge and understanding of most computer operating systems, networking concepts, and security fundamentals.
• Understanding of blockchain and cryptocurrency technologies, including trades, transfers, tracking, maintenance, documentation, and preservation.
• Apply operational security (OPSEC) best practices to maintain the anonymity of yourself and Recorded Future while operating on criminal sources.
• Ability to work well as part of a team working towards a unified goal.
• Strong time management skills that align with prioritizing day-to-day expectations with proactive research.  

Additional skills/experience (preferred but not required):

• Foreign language proficiency: strong preference for Russian, Chinese, Farsi, Arabic, or Southeast Asian languages.
• BA/BS or MA/MS degree or equivalent experience in Computer Science, Computer Engineering, Computer Programming, Digital Forensics, or a related discipline.
• Government, security, or law enforcement experience.
• Knowledge of Hacktivist trends and activities.
• Knowledge or understanding of the links and relationships between cybercriminal, hacktivist, extremist, and state-sponsored operations and organizations.
• Knowledge of money laundering TTPs, and has transacted in cryptocurrencies.
• Familiarity with malware analysis, campaign infrastructure, and interpreting larger datasets.