Senior Threat Intelligence Analyst – Iran APT Focus
| Company | Recorded Future |
|---|---|
| Location | Boston, MA, USA; Arlington, VA, USA |
| Salary | Not provided |
| Type | Full-Time |
| Degrees | Bachelor’s, Master’s |
| Experience Level | Senior |
Requirements
- BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
- Preferably 5+ years of experience in Information Security and/or Threat Intelligence
- Demonstrated experience conducting technical threat analysis and research
- In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
- Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation
- Experience with static and dynamic malware analysis, including family attribution and variant clustering
- Proficiency in scripting (Python preferred, or Go, C, C++, Java) and fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools
- Proven experience applying structured analytical techniques and intelligence methodologies to assess state-sponsored threat activity, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
- Familiarity with threat modeling and adversary tracking frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and related models to support campaign clustering, detection development, and strategic reporting
- Detailed understanding of existing APT groups’ past activities, TTPs, motivations, and targeting patterns
- Experience with open-source intelligence-gathering tools and techniques
- Experience working directly with customers, with strong written and verbal communication skills to clearly convey complex technical and non-technical concepts
- Strong interpersonal and teamwork skills, including working with globally distributed team members
Responsibilities
- Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting
- Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis
- Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts
- Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest
- Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision
- Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities
- Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices, fostering a culture of knowledge sharing and continuous development
- Collaborate with geopolitical and regional analysis teams to support cross-functional research
- Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle
- Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination
- Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform
- Support customer intelligence needs through Recorded Future’s Analyst-on-Demand service
Preferred Qualifications
- MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
- Experience writing network and endpoint detection signatures
- Experience with Windows, iOS, Android, macOS, or malware analysis
- Proficiency in a high-priority foreign language, with preference for Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish