Posted: 1 week ago
On-site
Full Time
Role Summary

We are hiring a Level 2 Threat Intelligence Analyst who will play a key role in identifying, profiling, and analyzing cyber threats—especially those originating from dark web sources and adversarial actors. The ideal candidate will have hands-on experience in threat actor profiling, APT tracking, and ransomware ecosystem analysis. This role demands both tactical research capabilities and strategic intelligence production, contributing to our core threat intelligence offerings.

Key Responsibilities

• Dark Web & Deep Web Monitoring: Track cybercrime forums, marketplaces, and hidden networks to detect emerging threats, tools, or chatter related to target industries or geographies.
• APT and Ransomware Tracking: Identify and monitor activities of APT groups, ransomware gangs, and affiliates. Create behavioral and attribution profiles for known and emerging threat actors.
• Threat Actor Profiling: Compile and maintain structured profiles that include motivations, TTPs (tactics, techniques, and procedures), affiliations, historical campaigns, and IOCs (indicators of compromise).
• Threat Attribution and Reporting: Produce detailed intelligence reports with technical and strategic insights for internal and external stakeholders. Assist in attribution efforts by correlating adversarial behaviors and campaign footprints.
• Collaboration & Knowledge Sharing: Work with internal research, detection, and incident response teams to inform defensive strategies. Present findings in team meetings and client-facing briefings when required.
• Platform Enhancement: Contribute feedback to improve the automation and enrichment features of FalconFeeds.io by identifying intelligence gaps and usability challenges.

Required Qualifications

• Minimum 4 years of experience in threat intelligence, cyber investigations, or related domains.
• In-depth understanding of dark web ecosystems, encrypted communication channels, and adversary tradecraft.
• Hands-on experience with MITRE ATT&CK, threat intel platforms, and OSINT tools like Maltego, Spiderfoot, or Recon-ng.
• Familiarity with ransomware leak sites, IABs (Initial Access Brokers), and underground marketplaces.
• Strong analytical and critical thinking skills, with the ability to work independently on multiple concurrent tasks.
• Excellent documentation and report writing skills—both technical and executive-level reporting.
• Comfortable working in fast-paced, high-alert environments with shifting threat priorities.

Preferred (but not mandatory)

• Experience working in a SOC, CERT, or CTI team within a government, financial, or enterprise security environment.
• Proficiency in reading and understanding multiple languages (e.g., Russian, Farsi, Mandarin, Arabic) used in dark web forums.
• Background in malware analysis, reverse engineering, or network forensics is a plus.

What We Offer

• A chance to work with a fast-growing global threat intelligence platform.
• Access to proprietary tools and high-value threat data feeds.
• A collaborative work environment with exposure to world-class cybersecurity teams.
• Opportunities to contribute to research reports that gain media, government, and industry attention.
• Competitive compensation, learning incentives, and career growth.
Kochi, Kerala, India
0.0 - 0.0 Lacs P.A.