We are on an expedition to find you, someone who is passionate about turning research into reliable, production-grade capabilities. Youll play a major role in building and shaping our next-gen CTI platform across attribution, pivoting, infrastructure prediction, EASM, and the STIX/OpenCTI knowledge base.
The Responsibilities
Execute the CTI research roadmap across threat actor attribution, adversary infrastructure analysis, EASM insights, and STIX-based knowledge management.
Conduct in-depth infrastructure and campaign analysis, including domain/IP relationships, hosting patterns and certificates.
Identify, validate, and track Indicators of Compromise (IOCs) and emerging threats using passive sources and approved active campaigns.
Normalize, enrich, deduplicate, and maintain intelligence in STIX 2.1, aligned with internal ontology and quality standards.
Collaborate with the Engineering, MLOps, and Data teams to translate intelligence into actionable intelligence, alerts, and customer-facing outputs.
Produce high-quality intelligence reports, threat briefs, watchlists, and early-warning assessments for internal teams and customers.
Support investigations by providing contextual analysis, confidence scoring, and evidence-backed assessments.
Ensure adherence to governance, ethics, sourcing, provenance, and data-quality standards across all intelligence outputs.
The Responsibilities
Execute the CTI research roadmap across threat actor attribution, adversary infrastructure analysis, EASM insights, and STIX-based knowledge management.
Conduct in-depth infrastructure and campaign analysis, including domain/IP relationships, hosting patterns and certificates.
Identify, validate, and track Indicators of Compromise (IOCs) and emerging threats using passive sources and approved active campaigns.
Normalize, enrich, deduplicate, and maintain intelligence in STIX 2.1, aligned with internal ontology and quality standards.
Collaborate with the Engineering, MLOps, and Data teams to translate intelligence into actionable intelligence, alerts, and customer-facing outputs.
Produce high-quality intelligence reports, threat briefs, watchlists, and early-warning assessments for internal teams and customers.
Support investigations by providing contextual analysis, confidence scoring, and evidence-backed assessments.
Ensure adherence to governance, ethics, sourcing, provenance, and data-quality standards across all intelligence outputs.
Requirements:
4+ years of experience in Cyber Threat Intelligence, SOC/IR intelligence support, or adversary infrastructure analysis.
Strong understanding of DNS, IPs, ASNs, hosting/cloud providers, TLS/PKI, domain lifecycle, and phishing infrastructure.
Hands-on experience with open-source and commercial CTI sources (OSINT, feeds, telemetry, reputation systems).
Practical knowledge of STIX 2.1, MITRE ATT&CK, TAXII; experience with OpenCTI and is a strong advantage.
Ability to perform passive discovery and controlled active validation, with a focus on accuracy, evidence discipline, and noise reduction.
Experience using Python for analysis and enrichment (pandas, notebooks); familiarity with Neo4j or Elasticsearch is a plus.
Strong analytical and threat-intelligence writing skills, able to translate technical findings into clear, actionable insights.
Comfortable working in a collaborative, version-controlled environment (Git), with attention to documentation and reproducibility.
Curious, methodical, and impact-driven mindset with a strong sense of intelligence rigor and accountability.
4+ years of experience in Cyber Threat Intelligence, SOC/IR intelligence support, or adversary infrastructure analysis.
Strong understanding of DNS, IPs, ASNs, hosting/cloud providers, TLS/PKI, domain lifecycle, and phishing infrastructure.
Hands-on experience with open-source and commercial CTI sources (OSINT, feeds, telemetry, reputation systems).
Practical knowledge of STIX 2.1, MITRE ATT&CK, TAXII; experience with OpenCTI and is a strong advantage.
Ability to perform passive discovery and controlled active validation, with a focus on accuracy, evidence discipline, and noise reduction.
Experience using Python for analysis and enrichment (pandas, notebooks); familiarity with Neo4j or Elasticsearch is a plus.
Strong analytical and threat-intelligence writing skills, able to translate technical findings into clear, actionable insights.
Comfortable working in a collaborative, version-controlled environment (Git), with attention to documentation and reproducibility.
Curious, methodical, and impact-driven mindset with a strong sense of intelligence rigor and accountability.
This position is open to all candidates.
