Senior Threat Researcher (m/f/x) - Remote anywhere in Italy

Company Description

Founded in 2020, QuoIntelligence is Europe´s fastest growing startup in the field of Cyber Threat Intelligence. Headquartered in Germany, and incorporated in Italy and Spain, we provide companies and institutions with game-changing expertise in the fight against cybercrime. 

Our Intelligence Operation Team analyzes the current and future cyber threat landscape to disseminate timely and accurate tactical/operational/strategic intelligence to external customers and industry peers. The team is distributed across Germany, Italy, Spain, and the US and its members come from both the private cyber security and defense sectors.

Job Description

We are looking to expand the team’s capabilities by recruiting a Senior Threat (CTI) Researcher remotely based anywhere in Italy

Intelligence Operation Analysts deliver high value threat information that is tailored to customer needs and is to be shared with risk management specialists, security professionals and policy makers globally. 

Key areas of responsibility:​​​​

• Detect, investigate, track, and report on regionally focused malicious cyber activities and threat activity matching Clients’ Intelligence Requirements. 
• Work with other experienced Cyber/Geopolitical Intelligence analysts to develop tactical/operational/strategic Intelligence products following high writing style and analytical standards. 
• Identify, prioritize, and deploy various early detection mechanisms for new activity on malware families and threat actor groups of interest and continually improve threat hunting processes and documentation.  
• Stay on top of developments within the APT threat landscape and track key developments by following publications, blogs, and mailing lists. 
• Support the management of critical incidents and crisis situations. 
• Work with Customer Success to drive the answering of clients’ Request for Information (RFI). 
• Train and mentor Junior researchers in the team. 
• Identify new datasets to ingest that enrich QuoIntelligence datalake, and work with the Exploitation&Collection team to ingest such data at scale. 
• Propose new analytics which can be developed to improve and/or automate portions of the intelligence cycle. 
• Work with executives, technical SMEs, and customers (ad hoc) to enhance cybersecurity programs, incident response, and other activities. 
• Stay on top of developments within the threat landscape. 

Qualifications

Qualifications & Skills: 

• Bachelor’s degree in Computer Science, Computer Engineering, Information Security, Security Studies, Intelligence, or a related field. Alternatively, 4 additional years of experience in a similar role. 
• 6 years of experience in Information Security and/or Threat Intelligence. 
• Demonstrable experience (public blog, conference presentations, Github projects) conducting technical threat analysis and research and tracking APT and e-crime actors using techniques such as the Diamond Model of Intrusion Analysis or Kill Chain, and knowledge of common TTPs used by cyber threat actors following MITRE ATT&CK Matrix. 
• Technical knowledge in methods and procedures for network exploitation and mitigation. Must be able to distinguish different types of exploitation methods 
• Demonstrate knowledge in the TCP/IP and OSI model and apply the concept to analysis of log files and metadata. 
• Preferred experience with Structured Analytical Techniques, the intelligence cycle, and intelligence writing techniques and methodologies. 
• Experience clustering and tracking multiple state-sponsored activity groups using techniques such as the Diamond Model of Intrusion Analysis. 
• Knowledge of Windows and/or Linux malware analysis (behavior and static). 
• Extensive experience in hunting malicious infrastructures given networking indicators with tools such as Shodan, Censys, FOFA, VirusTotal etc. 
• Technical experience with Digital Forensic & Incident Response (DFIR) 
• Preferred experience with the development of Intelligence Collection Plan (ICP). 
• Experience presenting to different audiences, such as clients, other security experts, and/ or in conferences. 
• Excellent interpersonal and teamwork skills; ability to work with globally distributed team members. 
• Fluent in English. Additional fluency in other languages such as Italian, Spanish, German or French will be considered as an asset.  

Additional Information

How is it to work here?

• Fast growing startup in an ever-expanding market.
• A lean organization with an open feedback culture.
• Multicultural and multilingual organization.
• Creative environment where team members are encouraged to contribute to processes, decisions, planning and culture. 

What's the pay like?

Since December 2022, we operate a transparent compensation framework.

For this job and country, the base salary is 55.485€. 

What's in it for you?

• Work from anywhere in Italy!
• 26 days of paid time off. 
• Yearly global meetups in great locations. In 2024, we spent a week in Šibenik, Croatia!

What's the recruitment process like?

• You apply and fill a couple of screening questions.
• We review all applications.
• We invite you to an interview with our People Team via MS Teams
• You work on an online assessment via Vervoe 
• We schedule the top 4-5 candidates with our Head of Intelligence Operations as well as our CEO. The shortlisted candidate might as well meet the Research team. 
• We make an offer and conduct background checks via Veremark.

QuoIntelligence is an equal opportunity employer. We strongly believe that diversity is essential for good intelligence work and are committed to creating an inclusive environment for all employees.