Threat Intelligence Analyst
London Office, United Kingdom
ReliaQuest
ReliaQuest is a force-multiplier of security teams to increase visibility, decrease complexity, and manage risk through the GreyMatter security operations platform.
Why it’s worth it:
The ReliaQuest Threat Intelligence team provides timely, comprehensive intelligence that empowers high-fidelity detections, identifies known and emerging threats, and equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter, we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques, and procedures. Beyond this, we act as a thought leader in cybersecurity by offering original insights that highlight our expertise in detecting, containing, investigating, and responding to adversaries. If you thrive in a high-performance environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace.
The everyday hustle:
Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry.
Maintain the GreyMatter platform’s threat intelligence library by writing timely, accurate, and relevant customer-facing deliverables covering threat actors, vulnerabilities, campaigns, and malware.
Supply intelligence to internal teams to enrich our threat detection, containment, investigation, and response capabilities.
Conduct investigations to support fast-turnaround and long-form customer requests for information, including in incident response scenarios.
Publish emergency customer advisories to alert on impactful developments requiring immediate action.
Carry out research and operations on the clear, deep, and dark web, including active threat actor elicitations.
Propose and author extended original research projects to strengthen ReliaQuest as a trusted voice and leader within the threat intelligence community.
Act as a trusted technical advisor to customers in ad hoc meetings and regular business reviews, understanding their unique environment and challenges to optimize their cyber resiliency.
Do you have what it takes?
3-4 years’ experience of working in cybersecurity and/or cyber threat intelligence
A relevant bachelor’s degree (e.g., languages, computer science, cybersecurity, international relations, political science), equivalent education, or appropriate professional experience
Knowledge of cyber adversary tactics, techniques, and procedures (TTPs)
Proficiency in conducting technical and tactical investigations into atomic IOCs, threat actor methodologies, malware, and vulnerabilities
Familiarity with the intelligence cycle, structured analytical techniques, and appropriate analytical frameworks (including Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
Capacity to read security logs and code to understand the content and context
Strong analytical skills, a demonstrated writing ability, and excellent verbal communication
Experience working in online intelligence investigations and analysis, including strong OSINT skills
Ability to deliver at pace, find solutions, and adapt in a constantly evolving organization
What makes you uncommon?
Understanding of cybersecurity and IT disciplines including networking, operating systems, authentication protocols, security incident response, and enterprise technical security solutions (SIEM, IDS/IPS, firewall solutions, offensive security tools)
Basic knowledge of Linux/Unix operating systems
Certifications such as Network+, Security+, CySA+
Experience with scripting or programming, including malware reverse engineering
Professional-level foreign language skills, preferably Russian, Farsi, or Chinese
Data or statistical analysis skills
Familiarity with open, deep, and dark web cybercriminal marketplaces and forums
Experience of online HUMINT operations and/or social engineering techniques