Threat Analyst

London, Westminster, United Kingdom (Hybrid)

Netcraft

From early detection to takedown, Netcraft’s comprehensive external threat intelligence and digital risk protection platform keeps your organization and customers safe online.


The Company


Netcraft is the global leader in cybercrime detection and disruption. We’re a trusted partner for three of the four largest companies in the world, twelve of the fifty largest banks, and eight of the largest world governments including the NCSC. We've blocked more than 200 million cyber-attacks to date, and we take down around 33% of the world's phishing attacks. 


Our purpose and passion are focused on one thing: protecting the world from cybercrime.


We carry that passion through into our workplace too. Our people are highly talented, and everyone is valued for their individual contribution. We make sure Netcraft is a great place to work—from great benefits to health and wellness and social events, we’ve got you covered. 


The Role


Reporting directly to the VP Product Strategy and liaising closely with colleagues across multiple global teams, you’ll be focused on surfacing strategic and tactical insights to customers through technical threat analysis of online attacks targeting our customers including phishing, malicious JavaScript, scams, and more.

 

You can be based at any of our UK offices (London, Bath, Manchester), with plenty of hybrid flexibility.

 

This is what you’ll be doing, day to day:

 

  • Conducting technical research and analysis using Netcraft’s threat intelligence platforms and data alongside open-source data to assess threats including review of technical attack data, phishing kits and related metadata. This includes analysing the TTPs (tactics, techniques, and procedures) used by each threat actor to carry out threats.
  • Monitoring and analysing the global threat landscape and industry trends related to cybercrime, emerging threats, and online fraud, including identifying ways in which threat actors may take advantage of global events.
  • Preparing strategic and tactical assessments of current threats, themes and trends based on the collection, research, and analysis of Netcraft’s threat intelligence data.
  • Assisting in production of technical whitepapers, customer insights, blog posts, and similar material to share with internal and external stakeholders on a regular basis.
  • Investigating and responding to complex queries from customers about threats they are encountering, including mapping to and/or extending our existing knowledge.
  • Communicating complex technical and business information to customers and internal stakeholders in a clear and concise manner.
  • Collaborating with Netcraft’s operational and engineering teams to continue enhancing detection and mitigation of current and emerging threats.

 

The reward package:

 

We like to look after our people well, so your compensation will include:

  • Attractive salary, reviewed annually
  • Hybrid and flexible working options
  • 33 days holiday per annum (incl. public holidays)
  • Pension scheme membership with 4% employer contributions + NI savings
  • Private health cover, including access to a private GP service
  • Comprehensive wellness and support provisions
  • Enhanced family leave provisions
  • Two days paid Volunteering Leave per year
  • Free meals, drinks and snacks provided daily in the offices
  • Regular social events such as a big summer party, Christmas dinners, and annual kick-off
  • A tax-efficient cycle to work scheme; and
  • An inclusive culture and environment, where you’ll feel genuinely valued and respected.

 

 

What you’ll need to be successful:

 

  • Demonstrated experience in threat intelligence data collection, analysis, sharing and reporting
  • Ability to convey complex technical information to both technical and non-technical audiences in written form and in presentations
  • Adept at robust data analysis at scale, using SQL, Excel and command line tools
  • Broad experience with cybersecurity threat hunting, dissecting online threats and source code review
  • Deep understanding of computer networks and their security postures including TCP/IP, DNS, HTTP, TLS, SMTP, JavaScript, Tor, blockchain and other web technologies
  • Knowledge of the Internet infrastructure landscape, including CDNs, domain registrars and registries, hosting providers, DNS providers, and cloud technologies
  • Self-starter who is creative and able to organise, prioritise, and plan their activities effectively
  • Team player with strong interpersonal skills
  • Excellent analytical and communication skills, including a very high standard of written English
  • Technically competent, with a willingness to learn and develop new skills

 

Bonus points if you have:

 

  • Familiarity with prevalent attacker TTPs and the MITRE ATT&CK framework
  • Malware & network analysis
  • Previous use of industry and open-source intelligence
  • Some programming experience in scripting languages (e.g. PHP, Python, Ruby, Perl)
  • Additional programming experience
  • Relevant academic qualifications

 

At Netcraft we strongly believe in individual growth and development so even if you can't tick every box above right now, please don't let it put you off applying. If you think you could be great in this role, we’d love to hear from you.

 

Diversity, Equity and Inclusion

 

This is very important to us and through our ally network we support under-represented groups. We seek to maintain a working environment that is free from bias, harassment or discrimination, and we encourage candidates from any background to apply, regardless of their gender, gender identity, sexual orientation, race/ethnicity, ability/disability, age, religion, or any other specific characteristics.

 

We’re happy to make any adjustments to our hiring process to ensure that everyone can participate fully and comfortably.  

 

Please note Netcraft does not accept any unsolicited approaches from external recruiters.



Tags: Blockchain Cloud Cyber crime DNS JavaScript Malware MITRE ATT&CK Monitoring Perl PHP Python Ruby Scripting SMTP SQL Strategy TCP/IP Threat intelligence TLS TTPs

Perks/benefits: Equity / stock options Flex hours Health care Salary bonus Snacks / Drinks Startup environment Team events

Region: Europe
Country: United Kingdom
