As a member of the Unit 42 National Security Team (NATSEC), you will work with a globally distributed team of vulnerability researchers, reverse engineers, and threat intelligence analysts. In this role, you will be embedded within a customer environment, tracking cyber criminals, ransomware groups, and advanced persistent threats to support sensitive customer intelligence requirements and make a significant impact on national security.
Job Responsibilities:
Provide timely and actionable intelligence to support customer intelligence requirements
Leverage global datasets (e.g., netflow, malware, passive DNS, geospatial intelligence) to track malicious cyber actors, their infrastructure, and campaigns
Proactively collaborate and exchange information with a global team of threat intelligence analysts to analyze and develop coverage for emerging threats
Develop and present strategic threat assessments tailored to customer needs and intelligence gaps
Communicate effectively with product engineering teams to improve detection efficacy in our ecosystem of products
Challenge existing assumptions by curiously investigating threat actor TTPs to produce unique and predictive intelligence
Simplify complex technical findings into clear, concise reports for a variety of audiences
Requirements:
Active Top Secret Clearance (TS/SCI) with Polygraph
Bachelor of Science/Master of Science in Computer Science, Computer Engineering, or a related field
OR 5+ years of equivalent experience as a cleared cyber threat intelligence analyst
Proficiency in a programming or scripting language such as Python, C, or C++
Strong knowledge of cyber security threat actors, particularly their tactics, techniques, procedures (TTPs), and tooling
Experience leveraging netflow, passive DNS, IP registration, and malware telemetry to form comprehensive threat assessments
U.S. citizenship is required for this position
Must reside within a local commuting distance to Washington, DC, to support on-site requirements
Nice to have:
Experience with large-scale data analysis platforms, such as BigQuery
Familiarity with static and dynamic malware analysis using common industry tools (e.g., IDA Pro, Ghidra, x64dbg)
Deep knowledge of the MITRE ATT&CK Matrix and its application in tracking threat actor behaviors
Experience working within a security operations center (SOC), fusion center, or incident management team
Outstanding verbal and written communication skills, with experience delivering presentations to technical and executive audiences