Global Threat Intelligence Researcher

3 years

0 Lacs

Posted: 3 days ago | Platform: LinkedIn

Work Mode: On-site

Job Type: Full Time

Job Description

WHO ARE WE?

We are a bunch of super enthusiastic, passionate, and highly driven people, working to achieve a common goal! We believe that work and the workplace should be joyful and always buzzing with energy!

CloudSEK,

Founded in 2015 and headquartered in Singapore, we are proud to say that we’ve grown at a frenetic pace and have been able to achieve some accolades along the way, including:


CloudSEK’s Product Suite:

  • CloudSEK XVigil constantly maps a customer’s digital assets, identifies threats, and enriches them with cyber intelligence, and then provides workflows to manage and remediate all identified threats, including takedown support.
  • A powerful Attack Surface Monitoring tool that gives visibility and intelligence on customers’ attack surfaces. CloudSEK's BeVigil uses a combination of Mobile, Web, Network, and Encryption Scanners to map and protect known and unknown assets.
  • CloudSEK’s Contextual AI SVigil identifies software supply chain risks by monitoring Software, Cloud Services, and third-party dependencies.


Key Milestones:

  • 2016: Launched our first product.
  • 2018: Secured Pre-series A funding.
  • 2019: Expanded operations to India, Southeast Asia, and the Americas.
  • 2020: Won the NASSCOM-DSCI Excellence Award for Security Product Company of the Year.
  • 2021: Raised $7M in Series A funding led by MassMutual Ventures.
  • Awards & Recognition: Won NetApp Excellerator's "Best Growth Strategy Award," CloudSEK XVigil joined NVIDIA Inception Program, and won the NASSCOM Emerge 50 Cybersecurity Award.
  • 2025: Secured $19 million in funding led by Tenacity Ventures, Commvault.

Are you a cybersecurity enthusiast who enjoys detective work and applying it to real-world threat tracking? Do you thrive on correlating rapidly evolving cybersecurity incidents and tech innovations, aspiring to build an AI-proof career? Then this position is for you.


Role Overview:

Threat Intelligence Researcher


Key Responsibilities:

  • Conduct ransomware IAV (Initial Access Vector) mapping to understand infiltration patterns, affiliate ecosystems, and monetisation structures.
  • Perform e-crime and underground forum research to identify, profile, and map threat actors (TAs), their infrastructure, tools, and tradecraft.
  • Execute infrastructure hunting campaigns focusing on APT and e-crime C2 frameworks, leveraging passive DNS, TLS certificates, and web fingerprinting techniques.
  • Develop and maintain cyber HUMINT sources, focusing on early warning, infiltration, and intelligence collection aligned with organisational goals.
  • Correlate and analyse global threat campaigns across ransomware, APT, and access broker ecosystems to identify shared TTPs and infrastructure linkages.
  • Apply analytical models such as MITRE ATT&CK, MITRE Engage, Diamond Model, and Cyber Kill Chain to develop structured threat intelligence outputs.
  • Produce tactical, operational, and strategic intelligence reports with actionable recommendations for global stakeholders.
  • Contribute to tooling, automation, and methodology development for IAV mapping, C2 identification, and infrastructure clustering.


Required Skills & Experience:

  • 3+ years of experience in threat intelligence, malware analysis, threat hunting, or digital investigations.
  • Proven experience in tracking ransomware groups, access brokers, or APT campaigns through open-source, dark web, and technical telemetry.
  • Deep understanding of MITRE ATT&CK, MITRE Engage, Diamond Model, and Cyber Kill Chain frameworks.
  • Familiarity with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver, Quasar, etc.) and infrastructure hunting methodologies.
  • Practical experience with IAV analysis, including exploitation of vulnerabilities, phishing, and social engineering vectors.
  • Strong OSINT and technical investigation skills (Shodan, Censys, FOFA, Netlas, VirusTotal, Hybrid Analysis, etc.).
  • Experience in cyber HUMINT or engagement within closed threat actor communities is a strong plus.
  • Ability to synthesise complex datasets into coherent, high-quality intelligence products.
  • Excellent written and verbal communication skills for both technical and executive audiences.


Preferred Qualifications:

  • Background in incident response, reverse engineering, or network analysis.
  • Experience with Python or automation scripting for data enrichment and infrastructure correlation.
  • Prior contributions to threat research publications, advisories, or CTI community initiatives.
