Threat Analyst, Netcraft

• Demonstrated experience in threat intelligence data collection, analysis, sharing and reporting
• Extensive experience with deep and dark web threat intelligence, including identifying, monitoring, and analyzing underground forums, marketplaces, and other hidden services to surface emerging threats and illicit activities. This may involve engaging with online communities where users discuss and exchange information related to illicit or illegal activities, such as malware development, intrusion techniques, and cyber-attacks
• Comfortable communicating in technical forums with other analysts and distilling complex issues into key highlights for senior executives. This should include the ability to convey complex technical information to both technical and non-technical audiences in written form and in presentations
• Adept at robust data analysis at scale, using SQL, spreadsheets and command line tools
• Broad experience with cybersecurity threat hunting, dissecting online threats and source code review
• Deep understanding of computer networks and their security postures including TCP/IP, DNS, HTTP, TLS, SMTP, JavaScript, Tor, blockchain and other web technologies
• Knowledge of the Internet infrastructure landscape, including CDNs, domain registrars and registries, hosting providers, DNS providers, and cloud technologies
• Self-starter who is creative and able to organise, prioritise, and plan their activities effectively
• Team player with strong interpersonal skills
• Excellent analytical and communication skills, including a very high standard of written English
• Technically competent, with a willingness to learn and develop new skills
• Ability to obtain and maintain a US Government security and/or vendor clearance. Candidates do not need to be current clearance holders but must be able to meet eligibility requirements for access to classified information if sponsored for clearance

Desirable

• You will be focused on surfacing strategic and tactical insights to Netcraft’s customers through technical threat analysis of cyber-attacks including data leaks, criminal activity on underground forums, phishing, malicious JavaScript, scams and more
• This position reports within the Product Strategy and Emerging Threats team, liaising closely with colleagues across multiple global teams
• Identifying potential cyber threats, determining levels of risk, and producing analytics and reports for a variety of customer audiences
• Conducting technical research and analysis using Netcraft’s threat intelligence platforms and data alongside open-source data and tools to assess threats, including reviews of technical attack data, source code and related metadata. This includes analysing the TTPs (tactics, techniques, and procedures) used by threat actors to carry out attacks
• Serving as a technical liaison to Netcraft’s strategic customers, particularly in the North American market
• Investigating and responding to RFIs and complex queries from customers about threats they are encountering, including mapping to and/or extending our existing knowledge
• Monitoring and analysing the global threat landscape and industry trends related to cybercrime, emerging threats, and online fraud, including identifying ways in which threat actors may take advantage of global events
• Preparing strategic and tactical assessments of current threats, themes and trends based on the collection, research, and analysis of Netcraft’s threat intelligence data
• Collaborating with Netcraft’s operational and engineering teams to help enhance detection and mitigation of current and emerging threats
• Assisting in production of technical whitepapers, customer insights, blog posts, and similar material to share with internal and external stakeholders on a regular basis