Overview

London, UK - Remote

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

Strategic and Persistent Threats, Insikt Group, Recorded Future

This Role:

As a Senior Threat Intelligence Analyst on Insikt Group’s Strategic and Persistent Threats (SPT) team, you will lead efforts to track state-sponsored APT campaigns, mentor peers in intrusion analysis, represent Insikt Group’s expertise externally, and support Recorded Future’s Analyst-on-Demand service.

This role involves both proactive monitoring and in-depth research into threat actor infrastructure, tools, and TTPs, as well as the production of high-impact, client-driven finished intelligence. Your focus will be on state-sponsored cyber threats originating from Iran.

What You’ll Do:

• Conduct proactive research on state-sponsored APT activity by synthesizing multiple technical datasets to develop novel insights and high-quality reporting
• Establish and refine methods to track APT campaigns using network, intrusion, and malware analysis
• Hunt for threat actor infrastructure and activity across diverse technical data sources, leveraging banner data, service metadata, and related technical artifacts
• Identify, prioritize, and deploy detection mechanisms for command-and-control infrastructure, malware families, and threat groups of interest
• Continuously evaluate and improve threat intelligence workflows, identifying opportunities to enhance automation, efficiency, and analytic precision
• Stay up to date on evolving APT tradecraft by regularly reviewing technical publications, blogs, and intelligence from trusted sharing communities
• Mentor colleagues on intrusion analysis tradecraft and threat intelligence best practices, fostering a culture of knowledge sharing and continuous development
• Collaborate with geopolitical and regional analysis teams to support cross-functional research
• Propose and evaluate new data sources and analytical methods to enhance or automate the intelligence cycle
• Represent Insikt Group externally as a subject matter expert through customer briefings, media engagements, or public research dissemination
• Collaborate with engineering and data science teams to ensure effective integration of relevant data and analytics into the Recorded Future platform
• Support customer intelligence needs through Recorded Future’s Analyst-on-Demand service

What You’ll Bring (Required):

• BA/BS or equivalent experience in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field
• Preferably 5+ years of experience in Information Security and/or Threat Intelligence
• Demonstrated experience conducting technical threat analysis and research
• In-depth knowledge of TCP/IP and other networking protocols and datasets relevant to intrusion and network infrastructure analysis
• Demonstrated capability in identifying and tracking infrastructure through methods such as banner analysis and metadata correlation
• Experience with static and dynamic malware analysis, including family attribution and variant clustering
• Proficiency in scripting (Python preferred, or Go, C, C++, Java) and fluency with common CTI research tools such as Maltego, Jupyter Notebook, the Elastic Stack, and similar tools
• Proven experience applying structured analytical techniques and intelligence methodologies to assess state-sponsored threat activity, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
• Familiarity with threat modeling and adversary tracking frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and related models to support campaign clustering, detection development, and strategic reporting
• Detailed understanding of existing APT groups’ past activities, TTPs, motivations, and targeting patterns
• Experience with open-source intelligence-gathering tools and techniques
• Experience working directly with customers, with strong written and verbal communication skills to clearly convey complex technical and non-technical concepts
• Strong interpersonal and teamwork skills, including working with globally distributed team members

Highly Desirable Skills/Experience (not required):

• MA/MS or equivalent experience in Computer Science, Computer Engineering, Information Security, or a related field
• Experience writing network and endpoint detection signatures
• Experience with Windows, iOS, Android, macOS, or malware analysis
• Proficiency in a high-priority foreign language, with preference for Arabic, Chinese, Farsi, Korean, Portuguese, Russian, or Spanish

Why should you join Recorded Future? Recorded Future employees (or “Futurists”) represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Want more info?

Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence

Linkedin, Instagram & Twitter: What’s happening at Recorded Future

The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field

Timeline: History of Recorded Future

Recognition: Check out our awards and announcements

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

Apply for this job