With 1,000 intelligence professionals, over $300M in sales, and serving over 1,800 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

ACE Team, Insikt Group, Recorded Future

This role: Recorded Future’s Insikt Group seeks a senior-level cybercrime-focused Threat Intelligence Analyst with 5+ years of experience to focus on criminal investigations and operations. Among other activities, you’ll monitor cybercrime trends, activities, and methodologies across multiple criminal source types, including open-source reporting, criminal source types (forums, marketplace, shops, among others), and chat and other direct communication platforms. You will be engaged in both proactive research and in responding to requests from clients related to cybercriminality.

What you’ll do:

Lead a small team of cybersecurity professionals, including day-to-day delegations, client-facing and public reporting fulfillment, and ensuring quarterly OKRs are achieved.
Collaborate with senior leadership to develop team strategies, develop analysts, and fulfill needs and resources.
Create and devise new sourcing, collecting, and curating new data into the Recorded Future Platform.
Write reports ranging from brief descriptions of threats and threat actors to detailed finished intelligence reports for clients and the general public.
Able to engage with threat actors on a long-term basis to obtain additional information beyond what has been posted publicly on forums and similar platforms
Propose and oversee proactive reporting topics on cybercriminal-related TTPs and trends for internal and public consumption.
Work collaboratively across internal teams to help enhance Recorded Future’s collection, sourcing, research, and reporting capabilities by mentoring more junior team members.
Represent Recorded Future professionally at conferences and events including, but not limited to, webinars, speaking engagements, client presentations, scoping calls, and internal and external media engagements.

What you’ll bring (required):

5+ years of professional experience in roles in cyber intelligence, cyber and fraud investigations, or casework in other related disciplines.
Experience in leading and developing small teams to achieve team goals.
Familiarity with collaborating with senior leadership on developing out strategy and building upon team goals.
Knowledge and experience with analytic tradecraft, the intelligence cycle, open-source intelligence-gathering techniques, and strong intelligence writing skills, techniques, and methodologies
Familiarity with legal and regulatory requirements for acquisition of digital information and the standards for collecting digital evidence under US Federal laws
Experience conducting investigations and tracking campaigns on threat groups operating on criminal and clearnet sources, focusing on topics such as leaked databases and credentials, ransomware, DDoS operations, criminal marketplaces, and other current and emerging threats.
Knowledge and understanding of malicious tools and software used for cybercriminal activity and the ability to track and trace threat groups using a wide range of telemetry.
Knowledge of money laundering, fraud, and current cyber-enabled crime TTPs.
Knowledge and understanding of most computer operating systems, networking concepts, and security fundamentals.
Understanding of blockchain and cryptocurrency technologies, including trades, transfers, tracking, maintenance, documentation, and preservation.
Apply operational security (OPSEC) best practices to maintain the anonymity of yourself and Recorded Future while operating on criminal sources.
Ability to work well as part of a team working towards a unified goal.
Strong time management skills that align with prioritizing day-to-day expectations with proactive research.

Additional skills/experience (preferred but not required):

Foreign language proficiency: strong preference for Russian, Chinese, Farsi, Arabic, or Southeast Asian languages.
BA/BS or MA/MS degree or equivalent experience in Computer Science, Computer Engineering, Computer Programming, Digital Forensics, or a related discipline.
Government, security, or law enforcement experience.
Knowledge of Hacktivist trends and activities.
Knowledge or understanding of the links and relationships between cybercriminal, hacktivist, extremist, and state-sponsored operations and organizations.
Knowledge of money laundering TTPs, and has transacted in cryptocurrencies.
Familiarity with malware analysis, campaign infrastructure, and interpreting larger datasets.

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Want more info?
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com

Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.

Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.

Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Location (City) *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

LinkedIn Profile

How did you hear about this job? *

Recorded Future – Candidate Privacy Notice *

This candidate privacy notice explains who we are, why and how we process personal data relating to candidates and, if you are the subject of any of the personal data concerned, your rights and our contact details if you want further information or help.

When you apply for a job on www.recordedfuture.com the personal data contained in your application will be collected and processed by Recorded Future, Inc. (“we, us, our”). For the purposes of European Economic Area data protection law, (the "Data Protection Law"), the data controller is: Recorded Future, Inc., 363 Highland Avenue, Somerville, MA 02144, recruiting@recordedfuture.com ("Controller"). Our data protection officer is Frederic Wolens, who can be contacted at privacy@recordedfuture.com

We may process personal data relating to you that we have either obtained from you, or obtained from a third party including your previous or existing employers or reference agencies.

Personal data we may collect from you:

-Your name and contact information (home address, home phone number, personal mobile number, personal email address).
-Your country of residence, citizenship, passport information and information relevant to your right of residence or right to work.
-Your date of birth.
-Your national insurance or social security details, or other similar information that is used by the government to identify you.
-Your gender.
-Your bank account information or other related financial details.
-Details of your education and previous employment history.
-Your driver's license and related information
-Your photograph.

We may process special categories of information relating to you. The processing of this information is strictly controlled by applicable law and will only be processed in limited circumstances, and may include:

Information relating to your physical characteristics, health or any disabilities, where this is relevant to your occupation or employment (for example, for the purposes of occupational health).

Information relating to your marital status, racial characteristics or sexual orientation where this is relevant to, for example, diversity monitoring. This will normally only be processed with your consent in which case you are free to choose to provide this information, or not.

Your personal data will be processed for our legitimate interests for the purpose of managing our recruitment related activities, which include the setting up and conducting of interviews and tests for applicants, evaluating and assessing the results thereto and the selection of applicants for employment. As part of the recruitment and hiring processes we will need to process your personal data for the performance of a contract where we have offered you a position with our company.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by us to help manage our recruitment and hiring process on our behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the EU-US Privacy Shield.

Your personal data will be retained by us for as long as we decide that it is necessary to evaluate your application and determine whether to make you an offer of employment. After which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.

Under the GDPR, you have the right to request (i) access to your personal data, (ii) that your personal data be rectified or erased; and (iii) that processing of your personal data be restricted. You also have the right to data portability. In addition, you may lodge a complaint with your local supervisory authority. The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data.

Acknowledged

Are you legally authorized to work in the United States for Recorded Future? *

Do you now, or will you in the future, require sponsorship to work legally in the United States? *

Do you have experience working on our platform? *

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Recorded Future’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Are you Hispanic/Latino?

Please identify your race

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Enter the verification code sent to to confirm you are not a robot, then submit your application.

Security Code *

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.

Senior Threat Intelligence Analyst (Cybercrime)

Apply for this Job

Voluntary Self-Identification

Voluntary Self-Identification of Disability