Cyber Intelligence Analyst

ABOUT GROUP-IB:

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, and citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Each of us can help make the world a safer place. Join us!

ABOUT THE ROLE:

The selected candidate will be responsible for generating comprehensive cyber threat reports for both internal stakeholders and clients/partners. The reports will primarily cover Advanced Persistent Threat (APT) activities, intrusion tactics, techniques and procedures (TTP), as well as targeted entities. The role will involve leveraging internal and external resources to investigate threats and vulnerabilities, while also analyzing different threat actors and their attack infrastructure.

• Analyzing IOCs and TTPs of the Threat Actors from the META Threat Landscape;
• Craft, maintain, and document detection opportunities within the Threat Intelligence platform;
• Perform necessary correlation and research to create useful, compelling, and context-rich alerts for customers;
• Pursue research into current threats and industry trends to be aware of the most up-to-date threats in the META Threat Landscape;
• Drive initiatives to create detection content based on findings stemming from threat hunts and ad hoc detection opportunities;
• Develop mitigation and countermeasure strategies from collected threat intelligence;
• Leveraging MITRE ATT&CK categorization to align observed threat actor activity to Tactics, Techniques, and Procedures (TTPs).
• Create professional reports on a specific threat or the threat landscape in general.

• Understanding and interest in the threat landscape in the META region.
• Experience in analyzing the cybercrime community and profiling the threat actors.
• Basic knowledge of scripting language (Python, Bash).
• Knowledge of network technologies and principles of functioning of data networks, understanding of the features of the common data transfer protocols.
• Knowledge of OS architecture and operating principles.
• Good interpersonal skills, as well as the ability to communicate effectively orally and in writing.
• Experience in working with the next sources: Virustotal, Urlscan, Shodan, RiskIQ, Public sandboxes
• Optionally: Group-IB or other Threat Intelligence platforms