Threat Intelligence Researcher

Employer Active
Job Location: Cork - Ireland

Monthly Salary: Not Disclosed

Vacancy: 1

Job Description

Threat Intelligence Researcher

About the Team:
The Arctic Wolf Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started only 3 years ago in BlackBerry-Cylance. Since then we have developed many internal tools to streamline our daily tasks, defined work standards and how to create content (detection/telemetry rules) and high-fidelity content (fine-tune processes, reduce f), created quality assurance processes (unit test, regression and E2E testing) and communication channels with other areas of Threat Intel and S2, without neglecting our main mission, which is to end cyber risk. We work together with the MDR, TRI, AR and CTI teams to stay ahead with the latest findings, and we are always on the lookout for new attacks, 0-days and TTP updates to keep our clients protected.
We actively participate in the purple teaming exercises performed by the AR Team, which emulate the most relevant threat actors. Along the way we have earned 2 MITRE accreditations, Enterprise 2023 (Turla) and Managed Services 2024 (MenuPass), in both of which we participated as EDR Blue Teamers.
About the Role and Responsibilities:
Analyse, research and develop new content for Aurora Focus, applying the MITRE ATT&CK framework.
Convert investigations performed by our Threat Teams (TRI, AR, CTI) into new content (detection/telemetry rules).
Customer escalation (BFD): collaborate with S2 teams on investigations regarding emerging threats to generate new detection rules.
Fine tuning: determining true threats or false positives and providing solutions such as exclusions, logic changes or decreasing severity.
Python scripting to automate new internal tools or projects.
Ability to effectively manage multiple tasks simultaneously, coordinating and ensuring scheduled goals are met.
Keep documentation up to date for any new tool or process we add.
Run regression and end-to-end testing.
Push production releases and notification emails.
Participate in purple teaming exercises.
Generate metrics over the Databricks dashboard.
Deliver regular threat briefing presentations to internal and external stakeholders on topics ranging from threat actor campaign activity and novel TTPs to emerging malware or exploits.
Utilize best practices for threat research and documentation, and deliver high-quality detection rules.

About You
Relevant experience in a professional setting in threat intelligence or threat research roles
Experience applying the MITRE ATT&CK framework to intelligence products, with the associated depth of analysis for each TTP and threat actor represented in this body of knowledge
Experience analysing application and infrastructure telemetry (application logs, network flow logs, audit logs, metrics, core dumps, etc.)
Experience analysing and deriving intelligence from phishing and malware campaigns, vulnerabilities being exploited in the wild, supply chain attacks and data breaches
Understanding of threat protection/detection tooling/stacks: SIEM, XDR/EDR
Experience working with Python scripts
Understanding of the JSON format and regex usage
Linux and macOS terminal usage
Basic .sh/.bat scripting knowledge
Windows Sysinternals
Experience using Git repositories (GitHub, Git Bash, GitLab)
Experience using virtual machines (VMware Workstation)
SQL knowledge; Databricks is a plus
LOLBins/LOLBAS knowledge
Sigma rules knowledge
Excellent written and verbal communication skills
Resourceful self-starter with a positive can-do attitude
Nice to Have:
Experience with Agile methodology
Experience using Elasticsearch, Kibana or Grafana
You have delivered presentations on cybersecurity or cyber threat intelligence at industry conferences or meetups
You have participated in sharing threat intelligence through ISACs, trust groups, intelligence partnerships or other open communities
CISSP, OSCP, GCTI or other relevant certifications are a plus
Interview Process
The interview process is approximately as follows:
Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.
Technical assessment: A recruiter sends you a threat intelligence assessment to complete that will allow you to demonstrate your strategic thinking, analytical skills and your technical understanding of various threat actor TTPs, malware, vulnerabilities and/or exploits.
Face-to-face interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to discuss your technical assessment, collaborate on a technical problem and talk more about past projects and your career goals. Approximately 1 hour per interview.
Security Requirements
Conducts duties and responsibilities in accordance with AW's Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AW business information assets.
Must pass a criminal background check and an employment verification as a condition of employment.

Employment Type

Full-Time
