United States onlyWHAT ZEROFOX WILL LOOK LIKE TO YOU
This role supports one of the world's most recognized consumer brands — a company with a global footprint, a high-profile executive population, and threat exposure that spans every timezone and threat landscape. You'll sit inside ZeroFox's Services and Analysis Team, producing intelligence that shapes real security decisions for a client whose brand is visible everywhere, all the time. This isn't background noise work. When something moves in a market or region your client operates in, you're the person connecting it to risk before it becomes an incident.
THE ROLE
You'll own the intelligence cycle for a strategic enterprise account — collecting, evaluating, and synthesizing information from open, deep, and dark web sources into products that actually help security and risk leaders act. That means daily and recurring deliverables: alerts, threat reports, trend assessments, and executive briefings. It also means being the analyst who picks up the phone when something breaks outside of business hours, because the adversary doesn't work a 9-to-5.
This isn't a passive monitoring role. You'll use ZeroFox's platform alongside your own research instincts to track threat actors, identify emerging patterns, and brief stakeholders who need clarity under pressure. You'll work alongside ZeroFox analysts and engage directly with your client's security team — which means your communication has to be as sharp as your analysis.
In your first 90 days, you'd be expected to get certified on ZeroFox's platform and methodology, take ownership of at least one recurring deliverable, and begin building the threat landscape context specific to your client's geography and risk profile.
THE REALITY
You'll thrive here if...
- You have genuine geopolitical instincts — you follow regional developments, understand how international dynamics translate to physical and reputational risk, and can map what's happening in the world to what it means for a specific organization.
- You've done real OSINT work — not just social media monitoring, but multi-source collection across surface, deep, and dark web environments — and you know how to turn raw findings into a coherent threat narrative.
- You've produced written intelligence products — reports, assessments, briefings — and can explain the BLUF model without Googling it.
- You speak a second language well enough to use it for research, not just to list it on a resume.
- Sitting with an incomplete investigation while you continue to develop it is normal to you — uncertainty is a phase, not a blocker.
This probably isn't for you if...
- You're looking for a well-defined alert queue to work through. This role requires you to drive your own research and draw your own conclusions with incomplete data.
- You prefer to hand off analysis to someone else for the "so what." Here, you write the assessment and brief the client on it.
- You need your client's environment explained to you every time. Brand-adjacent threat landscapes evolve fast, and staying current is your responsibility.
- You're uncomfortable briefing senior stakeholders or presenting findings when there's ambiguity in the data.
- The prospect of monitoring threats outside core business hours — occasionally and in support of actual incidents — isn't something you're willing to sign up for.
Requirements
You'll need to bring:
- 2–3 years of experience in open source research, investigations, or intelligence analysis — enough to work independently on a real client account.
- Demonstrated ability to assess credibility and relevance across disparate data sources and produce clear, sourced, actionable analysis.
- Strong written communication — specifically report writing. You apply BLUF or an equivalent structure because it makes your work more useful, not because it was assigned.
- Comfort across social media platforms, paste sites, message boards, and at least entry-level dark web environments.
- Proficiency with at least one investigative tool (Whois, Traceroute, Ping, or equivalent) and working knowledge of Google Suite.
Would love, but we won't hold it against you:
- Fluency in a second language, particularly one relevant to global manufacturing, retail, or apparel supply chains.
- Background in public or private sector intelligence, risk consulting, or security operations.
- Familiarity with IPv4/IPv6, DNS records, email header analysis, or P2P environments.
- Experience with tools like Maltego, MISP, VirusTotal, Shodan, or similar investigative platforms.
- Experience briefing decision-makers or senior leaders in a professional setting.
Physical and Sensory Requirements:
Mobility, walking, climbing, sitting, standing, reaching, bending, lifting (minimum of 10 lbs), fine eye-hand coordination, ability to read, write, listen and speak clearly, the ability to understand and follow written and oral instructions and directions, ability to travel =/< 10%, and ability to remain calm under pressure. Must be able to sit and/or stand for extended periods of time. Must be able to use a computer, cell phone, monitor(s), mouse and keyboard extensively and for lengthy periods of time.
Benefits
- Generous time off
- Comprehensive health benefits & 401(k) plan with employer matching
- Respectful and nourishing work environment, where every opinion is heard and everyone is encouraged to be an active part of the organizational culture
- Total annual compensation range $60,000-$80,000
About us
ZeroFox protects what's real by removing what isn't. We steadfastly safeguard organizations from fraud, abuse, misinformation, and attack by preemptively exposing, disrupting, and eliminating external threats across the public attack surface — because when people can't tell what's real, they stop trusting everything.
ZeroFox uniquely fuses Cyber Threat Intelligence, Brand and Domain Protection, Attack Surface Intelligence, Executive Protection, and Physical Security Intelligence in one platform packed with intelligence you'll actually use. Our continuous cycle — Discover, Validate, Disrupt — helps thousands of customers worldwide, including leaders in finance, media, technology, retail, healthcare, and government, reduce risk, accelerate response, and defend their world.
We're growing fast, investing deeply in AI, and building a team of people who are serious about results and never take themselves too seriously. If you're ready to take the fight to the adversary, come defend your world with us.
Equal Opportunity
We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.
United Kingdom only