Cyber Threat Intelligence Analyst I

Reporting to the Manager of Intelligence Operations, the Cyber Threat Intelligence Analyst I is responsible for identifying, collecting, analyzing, and documenting the indicators and observables from phishing campaigns and malware binaries to produce actionable, timely intelligence to our broad range of customers.

Essential Duties/Responsibilities

• Analyze email-based threats, including phishing attempts, spear-phishing campaigns, and social engineering tactics to identify malicious activity.
• Analyze attachments, links, and payloads associated with phishing emails, identifying and documenting malware and/or credential phishing payloads and associated artifacts.
• Identify and document indicators of compromise (IOCs) from phishing emails, credential phishing campaigns, and malware samples (e.g., IP addresses, domain names, hashes) for use in identification and remediation efforts.
• Perform opensource based investigations of credential phishing sites and associated infrastructure.
• Stay up to date with evolving phishing tactics, techniques, and procedures (TTPs), emerging malware, and cybersecurity best practices.
• Contribute to analysis reporting on more sophisticated malware and credential phishing, with guidance.
• Contribute insight to in-depth strategic reporting on attacker trends and TTPs.
• Author threat assessments that assist customers in understanding threat’s relevance and potential impact.
• Analyze phishing campaigns and related threats to identify patterns, changes, and anomalies.
• Other duties as assigned.

Knowledge, Skills and Abilities Required

• Strong attention to detail and analytical skills.
• Ability to document findings clearly and concisely.
• Excellent communication skills, with the ability to document findings clearly and collaborate with cross-functional teams.
• Self-motivated, eager to learn, and committed to growth in the cybersecurity threat intelligence and analysis field.
• Ability to work in a fast-paced, team-oriented environment.
• Basic understanding of email protocols, headers, and related encoding formats.
• Familiarity with programming and scripting languages (e.g., Python, JavaScript, Visual Basic).
• Basic understanding of malicious software, malware families, and their behaviors.
• Basic familiarity with tactics, techniques, and procedures (TTPs) used in phishing campaigns.
• Quick learner with the ability to adapt to new tools and tradecraft standards.
• Ability to learn and quickly implement tradecraft standards.
• Basic knowledge of common malware families, email-based threats, and tactics used in phishing campaigns.

Education and/or Experience:

A Bachelor’s degree in a related field such as Computer Science, Computer Forensics, or Justice Science preferred, but not required.

• At least 1-2 years of experience in cyber threat intelligence research, analysis, and/or threat correlation is strongly preferred.
• Knowledge and basic with Linux, Mac, and Windows based OS’s is strongly preferred.
• Experience with TCP/IP packet capture and investigation software, e.g. Wireshark, HTTP debuggers is preferred.
• Experience with malware analysis, credential phishing analysis, and/or reverse engineering is a plus.
• Experience with open-source phishing investigation tools such as: URLScan, Shodan, and VirusTotal is a must.
• Experience with analyzing email headers, attachments, and links for signs of malicious behavior is strongly preferred.