Cyber Threat Researcher

3Columns is a specialist cybersecurity firm that delivers a wide range of services, including security assurance, security governance, professional services, and managed services. Solutions include managed security services, offensive security services, cybersecurity consulting, and professional services to help customers deploy all the necessary controls. The core services delivered by the SOC are Managed Detection and Response and Incident Response.

About the Role:

3Columns is seeking a Cyber Threat Researcher to join their team. They will be responsible for working with the MDR team and working in Threat research, Threat intelligence, Dark Web monitoring and vulnerability management.

Job Responsibilities

Threat Research & Intelligence

• Conduct continuous monitoring of dark web forums, marketplaces, breach databases, and threat actor channels for leaked credentials, corporate data, or targeted threats.
• Analyse threat actor behaviour, emerging TTPs, and underground discussions relevant to customer industries.
• Produce actionable intelligence reports for internal teams and customers, highlighting risks, trends, and recommended mitigations.
• Enrich internal threat intelligence platforms with IOCs, indicators of compromise, and context derived from OSINT, darknet, and security feeds.

Vulnerability Management

• Track and analyse newly disclosed vulnerabilities (e.g., CVEs, vendor advisories, Zero-Day disclosures).
• Prioritise vulnerabilities using exploitability data, threat intelligence, risk scoring (CVSS, EPSS), and customer-specific context.
• Develop vulnerability summaries, technical breakdowns, and remediation guidance for customers.
• Collaborate with SOC/MDR teams to map vulnerabilities against real-world exploitation campaigns.

Incident Support

• Support SOC/DFIR teams during investigations with threat intel insights, leaked credential analysis, and threat actor profiling.
• Provide rapid intelligence lookups during active incidents and assist in identifying potential adversary infrastructure.

Reporting & Stakeholder Communication

• Prepare monthly and ad-hoc threat intelligence reports for customers.
• Present findings to internal and external stakeholders in a clear and business-friendly manner.

Qualifications & Skills

• 2–4+ years of experience in threat intelligence, vulnerability research, darknet monitoring, or related cybersecurity roles.
• Strong understanding of exploit development basics, vulnerability disclosure processes, and common attacker methodologies.
• Experience with OSINT tools, darknet access, threat feeds, and scraping/monitoring platforms.
• Familiarity with scripting languages (Python preferred) for automation and data analysis.
• Knowledge of MITRE ATT&CK, CVSS, EPSS, CWE, NVD, and vendor advisory ecosystems.
• Experience using threat intelligence platforms (e.g., Recorded Future, Cyble, ThreatConnect, OpenCTI).
• Strong analytical and report writing skills, with the ability to produce clear, actionable intelligence.
• Ability to operate within legal and ethical boundaries while researching dark web sources.