Senior Cloud Security Researcher Job at Red Canary, Remote

  • Red Canary
  • Remote

Job Description

Challenges You'll Solve

The Red Canary Intelligence Team conducts in-depth analysis to provide context and help prioritize where to focus detection and response efforts. As a key contributor, you will investigate raw telemetry, analyze suspicious and confirmed threats, and conduct open-source research to associate activity with known adversaries. A significant focus is on researching identity-based threat actors and cloud-targeted TTPs across infrastructure services like AWS, GCP, and Azure, as well as platform services such as Okta, EntraID, and Kubernetes. Curiosity, adaptability, and a passion for addressing evolving threats will be vital for success in this dynamic, mission-driven team.

The role requires strong collaboration, outstanding communication, and experience in open-source threat research. A solid understanding of cyber threat intelligence and adversary behaviors is essential, alongside proficiency in analytical and problem-solving skills. Responsibilities include developing intelligence on emerging threats, producing actionable intelligence reports, defining new threat clusters, and identifying opportunities to bolster our detection and response capabilities. Additionally, you will engage with internal teams, external partners, customers and the broader infosec community to communicate unique trends and noteworthy threat actor TTPs through blogs and presentations. This role involves staying updated on emerging threats, suggesting workflow improvements, and supporting customers in understanding and responding to their specific threat models.

If you bring a mix of these skills, we encourage you to apply—even if you don’t meet every requirement. The role will adapt to the person who joins.

What You'll Do
  • Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces.
  • Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions. Work with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale.
  • Conduct open and closed source research to associate suspicious activity with known threats and to communicate threats of concern to our customers. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more.
  • Process and analyze patterns and trends in detections and write actionable intelligence products to track TTPs, detection coverage, and remediation strategies.
  • Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base.
  • Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
  • Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration.
  • Respond to customer questions about threats to help them understand their threat model, what matters to their organization, and what actions they can take in response to various threats.
  • Validate Red Canary’s detection coverage against the continuously evolving threat landscape and identify unique or emerging threats to build detection coverage for.
  • Mentor team members and contribute to the development of intelligence analysis expertise. Suggest new methods, processes, and products that the team could adopt to help us achieve our mission and improve our workflows.

What You'll Bring
  • Experience with, or a drive to research, cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces, and cloud attack techniques or cloud-based threat groups.
  • Proficiency in analytical problem-solving, quick learning of tools, and familiarity with query languages and data platforms like SQL, Splunk, Elasticsearch, Synapse Storm, or others.
  • Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information.
  • Experience in open-source threat research, including social media, blog posts, and malware sandboxes.
  • Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting. Familiarity with the mechanics of attack behaviors and MITRE ATT&CK®.
  • Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters.
  • Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike.
  • Experience in Intelligence, Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles.
  • Curiosity and adaptability to dive into data, tackle new challenges, and thrive in a fast-paced environment.

Job Tags

Remote job, Full time, Work at office
