(Senior) Technical Threat Intelligence Researcher/Analyst (f/m/d)

The Job

Du hast eine Leidenschaft für Cybersecurity?

Your team:

Our technical threat intelligence team tracks attackers and their activities to provide our clients with up-to-date information on malicious activity – both in the form of technical indicators and signatures as well as technical reports. To achieve this, we work with our Incident Response team, our SOC, as well as with external research teams. Our information is used daily by our stakeholders to protect their critical infrastructures and our European values. Within the team, we value the right balance between continuously producing technical content, responding to ad-hoc requests, and conducting long-term research projects.

Your Job:

• You collect and analyze technical information from public and commercial sources, as well as from our own telemetry, to create technical threat intelligence, identify and understand attack patterns, tactics/techniques, and campaigns of cyber actors.
• You translate the insights you gather about attackers, their malware, malicious infrastructure, and TTPs for our clients, helping them understand how to effectively protect themselves. You are responsible for independently creating indicators, signatures, and, if necessary, technical reports.
• You correlate information from various data sources and develop your own tools (preferably in a scripting language like Python) and methods for analyzing large datasets or unknown data.
• You communicate clearly and effectively with our clients about current threats and recommended protective measures.
• You work closely with other teams and external partners to share knowledge and gain new insights.
• With your experience, you help shape the direction in which the team’s capabilities and our threat intelligence services evolve

Skills

What you bring:

• At least three years of professional experience in the technical analysis of cyber threats (threat intelligence) or a related field (for example threat hunting, incident response).
• Strong analytical skills and experience using relevant threat intelligence sources (e.g., passive DNS, Netflow, host scanning, malware repositories).
• In-depth knowledge of attack strategies (TTPs) and threat analysis, including methods used by state-sponsored groups and cybercriminals
• Experience in the technical and continuous tracking of attacker groups, infrastructure and TTPs
• Experience creating detection content such as indicators and signatures (e.g., Suricata/Yara/Sigma)
• Experience with analysis tools such as MISP, Elastic Search, Splunk, SQL, and other big data applications, as well as developing your own tools (preferably in a scripting language like Python).
• A university degree in computer science, IT security, or a related field is ideal; alternatively, relevant professional experience is welcome
• Methodological knowledge for generating cyber threat intelligence (intelligence cycle, defining priority intelligence requirements) is a plus
• Independent working style, strong communication skills, and the ability to convey complex information clearly
• Fluent English skills (C1 level) and ideally good German skills (B2); additional language skills are a plus