Senior Threat Intelligence Researcher

Job Description

WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.

Our Managed Detection and Response (MDR) business provides a world leading managed service that detects and responds to cyber-attacks on behalf of our clients using a strong combination of people, process and technology.

What we need:

We need an experienced and passionate threat intelligence researcher to join our growing threat intelligence team. We are looking for an individual with strong analytical skills who can identify, analyse and track threat actors. WithSecure has a wide aperture full of valuable data sources relating to both criminal and nation state threats; therefore, the maximisation of the value from these sources combined with open-source intelligence will be a key requirement of the role. Reverse engineering skills and experience are desired, but not essential.

The team has an expanding remit and there is an opportunity to shape the future direction of threat intelligence at WithSecure and focus on delivering real value to organizations beyond the industry hype.

Job duties:

• Collect and analyse data from a variety of sources to cluster and track activity - and ultimately produce actionable intelligence
• Analyse malware, infrastructure and other malicious artefacts relating to threat actor activity to extract indicators and tradecraft
• Provide threat intelligence expertise to tactically support major incident response investigations
• Provide ongoing threat intelligence insights to assist MDR detection engineering efforts to keep up with the latest threats and offensive tradecraft
• Contribute to the engineering of tooling to enable WithSecure to effectively detect, track and respond to advanced threat actors
• To be an active team member who contributes towards a culture of constructive critical analysis in the production of intelligence assessments
• Effectively manage workload and time to meet deadlines of intelligence requirements

Desirable skills and experience:

• Experience working in a similar role in threat intelligence, research or incident response that involved elements of threat actor tracking and investigation
• Experience and detailed technical knowledge of threat actor tradecraft that can be used to develop techniques to discover and track the advanced threats of today and tomorrow across multiple data sets
• A strong understanding of OS fundamentals and network communication protocols
• Experience conducting static and dynamic analysis of different complexities of malware (obfuscation, packers, etc) using a variety of tools and techniques (IDA, WinDbg, R2, etc)
• Experience with programming/scripting languages (python, C#, etc) and exposure to ELK is desirable
• A passion and willingness to learn and continuously acquire knowledge to keep pace with modern threat actors’ operations and offensive techniques
• Familiarity with common techniques used by malware and threat actors and the industry standard lexicon for discussing such threats (e.g. MITRE ATT&CK)
• Excellent written English and communication skills for producing quality intelligence reports to be consumed both at the executive and technical practitioner level

What you will have access to:

MDR Tech Stack – Primarily based on our in-house EDR solution, but increasingly involving cloud-based data as well, this gives us deep visibility over all our customer’s estates (process, memory, network, etc). The data is invaluable both for extracting intelligence and hunting for adversaries and other threats.

In-house Malware Intelligence – We have various in-house technologies connected to different cyber security products we offer across millions of endpoints, which collect huge amounts of data on files seen executing, sandbox executions, URLs visited, certificates observed etc.

Incident Response – Our IR team regularly deals with major incidents across the world which provides insights that are extremely valuable primary source data of the latest interesting threats.

World-class Expertise – WithSecure employs around 1,700 people, a large percentage of which are security experts. Across the various areas of the business, such as consultancy, MDR and security software development, you can find at least one expert in almost any area of technology or security that you can think of.

Our four promises to you:

Freedom – you will have the opportunity to define new ways of working how we engage with our customers, and how product value gets represented

You will work together with experienced and enthusiastic colleagues, and within WithSecure you will find some of the best minds in the cyber security industry

Your work will be clearly visible and recognised – all over the world and across our business units

You can rely on the support from the entire WithSecure leadership including our top executives