Threat Analyst (US)

Remote

Netcraft

From early detection to takedown, Netcraft’s comprehensive external threat intelligence and digital risk protection platform keeps your organization and customers safe online.

About Netcraft  

 

Netcraft is the global leader in cybercrime detection and disruption. We’re a trusted partner for three of the four largest companies in the world, twelve of the fifty largest banks, and eight country governments. We’ve blocked more than 200 million malicious sites and perform takedowns for around one-third of the world’s phishing sites. 

 

Our purpose, passion, and expertise are focused on just one thing: protecting the world from cybercrime. Simple, and a great platform from which to support customers. 

 

We carry that passion through into our workplace too. Our people are highly talented and everyone is valued for their individual contribution, so we make sure Netcraft is a great place to work. From benefits to wellness to social events, we’ve got it covered.

 

The Role 

 

You will be focused on surfacing strategic and tactical insights to Netcraft’s customers through technical threat analysis of cyber-attacks including data leaks, criminal activity on underground forums, phishing, malicious JavaScript, scams and more. This position reports within the Product Strategy and Emerging Threats team, liaising closely with colleagues across multiple global teams. 

 

You must be based in the United States and be a United States citizen. This role offers the flexibility to work in our offices in Lehi, Utah or remotely within the United States. There will be an occasional need to travel domestically and internationally. 

 

This is what you’ll be doing, day to day: 

 

  • Identifying potential cyber threats, determining levels of risk, and producing analytics and reports for a variety of customer audiences. 
  • Conducting technical research and analysis using Netcraft’s threat intelligence platforms and data alongside open-source data and tools to assess threats, including reviews of technical attack data, source code and related metadata. This includes analysing the TTPs (tactics, techniques, and procedures) used by threat actors to carry out attacks.
  • Serving as a technical liaison to Netcraft’s strategic customers, particularly in the North American market.
  • Investigating and responding to RFIs and complex queries from customers about threats they are encountering, including mapping to and/or extending our existing knowledge.
  • Monitoring and analysing the global threat landscape and industry trends related to cybercrime, emerging threats, and online fraud, including identifying ways in which threat actors may take advantage of global events.
  • Preparing strategic and tactical assessments of current threats, themes and trends based on the collection, research, and analysis of Netcraft’s threat intelligence data.
  • Collaborating with Netcraft’s operational and engineering teams to help enhance detection and mitigation of current and emerging threats.
  • Assisting in production of technical whitepapers, customer insights, blog posts, and similar material to share with internal and external stakeholders on a regular basis. 

 

What you’ll need to be successful: 

 

  • Demonstrated experience in threat intelligence data collection, analysis, sharing and reporting.
  • Extensive experience with deep and dark web threat intelligence, including identifying, monitoring, and analyzing underground forums, marketplaces, and other hidden services to surface emerging threats and illicit activities. This may involve engaging with online communities where users discuss and exchange information related to illicit or illegal activities, such as malware development, intrusion techniques, and cyber-attacks.
  • Comfortable communicating in technical forums with other analysts and distilling complex issues into key highlights for senior executives. This should include the ability to convey complex technical information to both technical and non-technical audiences in written form and in presentations.
  • Adept at robust data analysis at scale, using SQL, spreadsheets and command line tools.
  • Broad experience with cybersecurity threat hunting, dissecting online threats and source code review.
  • Deep understanding of computer networks and their security postures including TCP/IP, DNS, HTTP, TLS, SMTP, JavaScript, Tor, blockchain and other web technologies.
  • Knowledge of the Internet infrastructure landscape, including CDNs, domain registrars and registries, hosting providers, DNS providers, and cloud technologies.
  • Self-starter who is creative and able to organise, prioritise, and plan their activities effectively.
  • Team player with strong interpersonal skills.
  • Excellent analytical and communication skills, including a very high standard of written English.
  • Technically competent, with a willingness to learn and develop new skills.
  • Ability to obtain and maintain a US Government security and/or vendor clearance. Candidates do not need to be current clearance holders but must be able to meet eligibility requirements for access to classified information if sponsored for clearance. 

 

Bonus points if you have: 

 

  • Multiple spoken languages are a plus
  • Familiarity with prevalent attacker TTPs and the MITRE ATT&CK framework
  • Malware & network analysis
  • Some programming experience in common scripting languages (e.g., Python, Node.js, Perl, PHP, etc.)
  • Additional programming experience in common backend or frontend languages
  • Relevant academic qualifications
  • Public speaking experience
  • A track record of contributing to articles and blogs on cybersecurity matters 

 

The reward package 

  • Competitive base salary, reviewed annually
  • 401(k) Safe Harbor Plan, with employer-matched contributions up to 4%
  • Generous private health cover, including dental, optical and life assurance
  • 33 days holiday per annum (incl. public holidays), plus separate paid leave for sickness, etc.
  • Flexible and hybrid working options
  • Enhanced family leave entitlements including 52 weeks maternity leave / adoption leave and 4 weeks paternity leave
  • Inclusive culture and environment, where you’ll feel genuinely valued and respected

 

Diversity, Equity and Inclusion 

 

This is very important to us and through our ally network we support under-represented groups. We seek to maintain a working environment that is free from bias, harassment or discrimination, and we encourage candidates from any background to apply, regardless of their gender, gender identity, sexual orientation, race/ethnicity, ability/disability, age, religion, or any other specific characteristics. 

 

We’re happy to make any adjustments to our hiring process to ensure that all candidates can participate fully and comfortably.

 

Please note Netcraft does not accept any unsolicited approaches from external recruiters. 
