Senior Threat Intelligence Researcher (US Remote)

About the position Anomali is seeking a Senior Threat Intel Researcher to join our growing Intelligence team. In this role, you will lead efforts to track, analyze, and classify data from cybercriminal underground ecosystems to uncover actionable threat intelligence that directly supports the evolution of Anomali's products and capabilities. This role focuses on research and technical collection. As a key contributor to Anomali's Intelligence team, you will employ operational security (OPSEC) tradecraft to investigate underground cybercriminal economies and develop tools and methodologies. You will work collaboratively across internal teams to ensure your findings inform the development of our cutting-edge security solutions. This role is ideal for a technically proficient, highly motivated individual with deep experience in cyber threat intelligence and a proven ability to work independently in a fast-paced, research-driven environment.

Responsibilities

• Conduct proactive investigations into cybercriminal underground economies, hidden sites, and forums of interest to identify emerging threats.
• Identify emerging operations and trends by conducting extensive research into cyber, physical, and information-related threat activity.
• Provide actionable communications, countermeasures, and recommendations for decision-makers with minimal oversight.
• Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze cyber threat data from various sources.
• Implement data analysis practices to assess trends and patterns in cyber, physical, and information operations networks.
• Conduct in-depth analysis of malicious and suspicious code to understand the nature of threats.
• Identify, monitor, track, and catalog threat actors, their ideologies, and tactics.
• Generate briefing materials, written products, and simple graphics to convey analysis verbally and in writing.
• Lead the acquisition, monitoring, and analysis of raw data, turning unstructured information into actionable intelligence.
• Design, implement, and maintain tools and services for secure data collection, extraction, and analysis.
• Apply and refine secure operational tradecraft principles to ensure the integrity of research operations.
• Work with cross-functional teams, including Intelligence, Product, and Engineering, to integrate research findings into Anomali's platform.
• Develop and utilize APIs for system integration and advanced data retrieval.

Requirements

• Bachelor's degree or an additional 3 years of experience in Cybersecurity, Computer Science, Data Science, Intelligence Studies, or relevant work, in lieu of degree.
• 4+ years of professional experience in cyber threat intelligence, open-source intelligence, or information security.
• Proven ability to design, implement, and interact with RESTful and other API types for data retrieval and integration.
• Deep understanding of technical terminology, tools, and tactics used by state-backed and cybercriminal adversaries.
• Experience navigating and analyzing large, unstructured datasets.
• Comprehensive knowledge of operational security (OPSEC) principles and best practices.
• Ability to work collaboratively in a remote team environment across different time zones.
• This position is not eligible for employment visa sponsorship. Nice-to-haves
• Additional language expertise (e.g., Russian, Mandarin, Spanish, Farsi, Arabic, Japanese, French).
• Background in the intelligence community or cyber threat intelligence research.
• Demonstrated engagement in the security or academic research communities, or open-source software development.
• Formal intelligence analysis training.
• Familiarity with building and deploying tools for internal use by research teams.
• Certifications in related areas (e.g., GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.).
• Basic knowledge of programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL).

Apply To this Job