Job Closed
This listing is no longer active.
Sr. Threat Researcher (Remote, IND)
Location
India
Posted
72 days ago
Salary
0
Seniority
Senior
Job Description
Sr. Threat Researcher (Remote, IND)
CrowdStrike
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:
As a Senior Threat Researcher, you will be a technical leader and subject matter expert within the Threat Research team, driving innovation in threat detection and response capabilities. This is an individual contributor position focused on technical excellence and thought leadership, requiring deep expertise in reverse engineering, malware analysis, and automation. You will take ownership of the most complex threats facing CrowdStrike customers, architect scalable automation solutions, and serve as a technical mentor to researchers across all experience levels. Your work will directly influence the direction of threat research methodologies, tooling, and detection strategies that protect millions of endpoints worldwide.

About the team:
The CrowdStrike Malware Research Center (MRC) is the core of Falcon's malware detection and response capabilities. The team focuses on understanding the threat landscape and sets the target for what Falcon should be identifying and preventing. Additionally, the MRC is responsible for understanding our capabilities, and for mapping how well our machine learning and behavioral protection capabilities perform against those threats. Where there is a gap, the MRC takes action to improve our detection stance and our overall protection story. The MRC also performs pathfinding research to enable technology development using innovation, prototyping and bleeding-edge machine learning to support our flagship Falcon product. Many parts of CrowdStrike work towards protecting customer environments, and the MRC works across all of them to ensure we are on target and providing the best protection for the current threat landscape.

Leading the charge in understanding the activity of malware today is the Threat Research team. With a focus on malware research, the primary role of the team is to understand the relevant threats and the techniques used in malware that threaten our customers' businesses. The challenge is the enormous scale of malware today and the sheer number of samples that must be addressed. This demands a more creative approach than traditional anti-virus research, which works one sample at a time. The modern threat lab requires an economy of scale through automation and machine learning, so that people can focus on new learnings while systems continue to identify malware based on what the team has learned.

What You'll Do:
- Take ownership of critical technical initiatives and architect scalable automation solutions for malware analysis at scale
- Serve as a technical mentor to researchers across all experience levels, helping to elevate team capabilities through knowledge sharing and technical guidance
- Work independently on the most challenging and complex threats, performing deep reverse engineering and analysis
- Collaborate cross-functionally with Engineering, Product, and Detection teams to translate research findings into production capabilities
- Design proof-of-concept automation solutions and hand them off effectively to engineering teams for production implementation
- Directly influence the direction of threat research methodologies, tooling, and detection strategies across the organization
- Drive technical excellence and thought leadership within the team, setting standards for analysis quality and automation practices
- Build and optimize scalable automation pipelines, including integration with sandbox environments, YARA rule generation, and threat intelligence platforms
- Produce high-quality technical documentation and reports that communicate complex technical concepts effectively to diverse audiences

What You'll Need:
- Bachelor's or Master's degree in Computer Science or a comparable field
- 12+ years of experience in the threat research field with a focus on malware analysis and reverse engineering
- Strong reverse engineering skills on file-based threats, with demonstrated ability to deliver high-quality, in-depth analysis
- Solid proficiency in disassembly and a deep understanding of structured programming, compiler behaviors, and binary analysis techniques
- Experience with reverse engineering tools such as IDA Pro, Ghidra, Binary Ninja, x64dbg, or similar platforms
- Experience using machine learning and artificial intelligence for static and dynamic threat detection, including an understanding of ML pipelines and model deployment in production environments
- Strong understanding of file formats for compiled code and scripted files, with the ability to analyze and contribute to parsers and feature extraction tools
- Proficiency in multiple programming languages such as Python, Go, Rust, C++, or similar, with demonstrated ability to build production-quality automation tools and systems
- Deep familiarity with multiple major operating systems (Windows, Linux, macOS), with in-depth knowledge of OS internals, kernel behaviors, and how host systems function at a technical level
- Experience working with large data sets using tools like Splunk, Elasticsearch/Kibana, or similar platforms, along with knowledge of relational (MySQL, PostgreSQL) and non-relational/NoSQL databases (MongoDB, Cassandra, Elasticsearch)
- Experience building scalable automation pipelines for malware analysis, including integration with sandbox environments, YARA rule generation, and threat intelligence platforms
- Deep working knowledge of malware automation workflows and techniques, with demonstrated ability to architect end-to-end automation solutions
- Strong understanding of the MITRE ATT&CK framework for describing and categorizing threat behaviors
- Strong technical communication and writing skills, with the ability to articulate complex technical concepts clearly and concisely to both technical and non-technical audiences
- Track record of mentoring and providing technical guidance to researchers at all levels
- Ability to influence technical direction and research strategy through deep expertise and thought leadership

Bonus Points:
- Experience leveraging Generative AI and Large Language Models for threat research automation workflows, including malware analysis, report generation, and threat intelligence synthesis
- Proven ability to design and implement AI-powered automation solutions that enhance team productivity and scale threat research capabilities
- Understanding of prompt engineering, AI model integration, and the application of GenAI tools in cybersecurity contexts
- Proficiency in data visualization and statistical analysis techniques for threat intelligence and research insights
- Additional reverse engineering expertise around file-less threats, exploits, rootkits, and advanced attack techniques
- Experience working with certification partners like AV-Test, AV-Comparatives, and SE Labs

Benefits of Working at CrowdStrike:
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment.
The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Benefits
- 401(K), 401(K) matching, Adoption Assistance, Commuter benefits, Company equity, Company-sponsored outings, Company sponsored family events, Dental insurance, Disability insurance, Volunteer in local community, Employee stock purchase plan, Family medical leave, Flexible Spending Account (FSA), Flexible work schedule, Generous parental leave, Generous PTO, Company-sponsored happy hours, Health insurance, Job training & conferences, Open door policy, Life insurance, Charitable contribution matching, Mentorship program, Paid volunteer time, Online course subscriptions available, Open office floor plan, Paid holidays, Paid sick days, Performance bonus, Promote from within, Lunch and learns, Relocation assistance, Remote work program, Return-to-work program post parental leave, Free snacks and drinks, Team based strategic planning, OKR operational model, Continuing education available during work hours, Unlimited vacation policy, Vision insurance, Wellness programs, Some meals provided, Mental health benefits, Employee resource groups, Hybrid work model, Flexible time off
More Threat Intelligence Specialist Jobs
Senior OT Threat Hunter
Dragos
Dragos is a computer and network security company specializing in industrial cybersecurity, incident response, threat intelligence, and security software.
Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization: running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We’re a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We’re looking for mission-oriented teammates who embody our core values of authenticity, transparency, and trust. Are you ready to make a difference? Come join a mission that can save the world!

About the Role:
As a Senior OT Threat Hunter on the OT Watch team, you will play a key role in delivering Dragos’ proactive threat hunting service, focused on identifying adversary activity within customer OT environments using the Dragos Platform. Leveraging deep visibility into OT networks and your industrial domain expertise, you will uncover sophisticated threats and help drive continuous improvements to the threat hunting program. You will independently lead hunt operations, serve as an escalation point for the team, and collaborate closely with Intelligence, Services, Product, and Engineering partners to enhance detections and overall capabilities. You will also act as a trusted advisor to customers during critical security events, providing clear, actionable guidance grounded in technical analysis.

Responsibilities:
- Lead independent, hypothesis-driven threat hunting operations across customer ICS/OT environments, investigating suspicious network behaviors to identify adversaries, anomalies, and misconfigurations.
- Serve as the primary escalation point for high-severity events detected in the Dragos Platform, guiding OT Hunters and Security Analysts through triage, analysis, and response.
- Communicate critical findings directly to customers, providing clear, actionable remediation guidance and confidently addressing technical questions during security events.
- Tune and optimize Dragos Platform configurations and distributed hunt profiles to improve detection fidelity, reduce noise, and validate detection triggers based on operational findings.
- Develop and refine original hunt hypotheses, content, and workflows, and provide structured feedback to Detection Engineering and Intelligence teams to enhance detections, IOCs, and threat intelligence outputs.
- Contribute to operational reporting and incident summaries, support custom reporting needs, and mentor junior team members to promote technical rigor, knowledge sharing, and continuous improvement across the team.

Qualifications:
- 5+ years of experience in threat hunting, security monitoring, or incident response within ICS/OT environments.
- Strong understanding of networking concepts (e.g., TCP/IP, firewalls, DNS, packet analysis) and OT-specific protocols (e.g., Modbus, DNP3, EtherNet/IP).
- Experience with PCAP analysis, IDS/IPS, SIEM platforms, or other network traffic analysis tools in an OT context.
- Deep familiarity with adversary tactics, techniques, and procedures (TTPs) relevant to OT environments, including MITRE ATT&CK for ICS.
- Familiarity with threat intelligence workflows, including consumption and feedback loops with intelligence and detection engineering teams.
- Proven ability to communicate complex security findings to clients and internal stakeholders, both verbally and in writing.
- Experience acting as a technical escalation point or senior contributor in a security operations or threat hunting context.
- Ability to work independently and lead efforts in a remote, distributed team environment.
Compensation:
- Salary: 150,000 AUD
- Competitive Equity Package
- Comprehensive Benefits Plan

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.
Threat Intelligence Researcher
Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.
We are looking for a Threat Intelligence Researcher who can analyze cyber threats and turn technical data into clear, useful insights. You will work closely with a team and clients, create reports, and build simple tools or scripts (mainly in Python) to improve how data is collected and analyzed. This role requires strong problem-solving skills, good communication, teamwork, and taking responsibility for delivering results.

About the team
You will join a team of threat intelligence researchers focused on investigating cyber threats, tracking threat actors, and producing actionable intelligence. The team works closely with other groups to collect data, analyze trends, and improve tools and processes for faster and more accurate insights. Daily work includes research, reporting, and collaboration to deliver intelligence that supports customers and business decisions.

About the Role
We are seeking an analytical and experienced Threat Intelligence Researcher to join our team. This is a technical role that bridges the gap between traditional intelligence analysis and software engineering. You will be responsible for producing strategic and technical intelligence reports and developing automation and scripting solutions for the team. Specifically, your focus will be on:
- Intelligence Reporting: Conduct in-depth investigations and produce comprehensive reports based on customer requests.
- Client Engagement: Participate in customer-facing meetings as required to present findings or gather requirements.
- Tool Development: Design, implement, and maintain internal tools, scripts, and data scrapers (primarily in Python) to streamline data collection and analysis.
- Actionable Intelligence Production: Convert raw technical data into finished, actionable intelligence products, including detailed technical reports, YARA/Sigma rules, and executive-level briefings.

The skills and qualities you will bring include:
- Technical Expertise: A robust background in cybersecurity and threat intelligence research.
- Programming Proficiency: Demonstrated proficiency in Python, Go, or C++, with particular emphasis on developing automation or data processing pipelines.
- Analytical Acumen: Proven ability to synthesize disparate data points into a cohesive and accurate intelligence picture.
- Professional Communication: Exceptional technical writing skills and the ability to present complex findings to stakeholders with clarity and professional gravity.
- Accountability: Ownership, holding yourself and others responsible for driving outcomes and meeting commitments that deliver value for the business and customers.
- Adaptability & Automation Mindset: Comfortable navigating change and ambiguity, with a proactive approach to improving efficiency by automating manual tasks and streamlining team workflows.
- Language Proficiency: Fluent written and verbal communication skills in English.
- Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

Preferred Skills
- Demonstrated familiarity with the MITRE ATT&CK framework.
- Active engagement within the security research community (e.g., participation in CTFs, publishing blog posts, or contributing to open-source projects).
- Highly articulate written and verbal English communication.
- Comprehensive understanding of the threat intelligence landscape, including Advanced Persistent Threats (APTs), Initial Access Brokers (IABs), and their modus operandi.
- Familiarity with the dark web and the cybercrime forum ecosystem.

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
• Analyze and classify web malware: PHP shells, JavaScript injectors, WordPress backdoors, SEO spam, redirectors, cryptominers, and other threats targeting the hosting ecosystem
• Reverse-engineer obfuscated PHP and JavaScript to understand attacker techniques and extract detection patterns
• Write and refine PCRE-based detection signatures for our scanning engine; precision matters, since false positives erode customer trust
• Maintain processing SLAs as part of a globally distributed team providing round-the-clock malware coverage
• Research emerging threats: new CMS exploitation techniques, supply-chain attacks on plugins/themes, and zero-day delivery methods
Principal Threat Intelligence Analyst (Night Shift)
Sibylline Ltd
Sibylline is a leading strategic risk consultancy, delivering timely, accurate, relevant and actionable intelligence.
Company Description

About Sibylline
Sibylline is a leading intelligence and strategic risk consultancy in the security sector. Since 2010 we have supported businesses, governments and NGOs by providing high-quality risk analysis, due diligence and consultancy services. The firm provides an innovative, entrepreneurial and fast-growing working environment, offering employees ever greater exposure to high-profile clients and challenges. Sibylline offers fantastic opportunities for career progression within a successful company, and we aim to help our employees build their own personal profiles as well-regarded analysts within the broader industry.

Key attributes of Sibylline employees are:
- Self-motivated, self-improving individuals who can couple initiative and boldness with good judgement
- Excellent written and spoken English
- Clarity of thought and analytical flair
- Strong, demonstrable interest in security and intelligence
- The ability to work under pressure, demonstrate leadership when required and also collaborate effectively in teams
- Excellent attention to detail

Job Description

Position Summary
The Principal Threat Intelligence Analyst / Lead Threat Intelligence Analyst is a senior member of Sibylline’s Threat Intelligence Unit (TIU), responsible for leading reporting efforts, managing analysts, and driving innovation in intelligence methodologies and tooling. As a Principal Analyst, you will lead product development and client engagements and contribute to strategic direction across the TIU. Operating within a dynamic and fast-paced environment, you will be responsible for leading high-quality intelligence outputs, managing tailored client requests, and supporting the development of standing and bespoke products and SOPs. This is a full-time remote role in the UK requiring night-shift work, with flexibility to work weekends and public holidays as part of the shift rotation. This role may require working outside standard hours based on client needs, including up to a 24/7 schedule. Occasional travel to the office will also be required for training, events, or administrative purposes.

Essential Functions / Responsibilities
- Lead reporting and produce all TIU products to exceptional standards with minimal editing
- Perform editing and proofing duties, mentor analysts on writing style and standards, and lead desk-level training
- Lead training on intelligence methodologies and structured analytic techniques
- Train analysts on Sibylline and third-party technology, including visualisation software, data manipulation, and ASTRA
- Collaborate on and innovate the use of data within reporting
- Lead product development and cross-desk initiatives
- Lead client scoping calls and manage tailored intelligence projects
- Deliver internal and external presentations, including GIT training sessions and client briefings
- Act as a point of contact for media requests and represent Sibylline at external events
- Provide line management for analysts and senior analysts within the team

Knowledge, Skills, and Abilities
- Exceptional writing, editing, and analytical skills for shaping high-quality intelligence products
- Demonstrated experience in, or interest in, covering geopolitical topics
- Deep expertise in intelligence methodologies, advanced technical proficiency with monitoring tools, and experience leading training sessions
- Proficient in intelligence monitoring and data visualization tools (e.g., Dataminr, Navigator)
- Strong leadership and mentoring abilities with a strategic mindset
- Skilled in managing multiple priorities under pressure in 24/7 operational environments
- Experienced in client engagement, including leading scoping calls and delivering tailored intelligence
- High competency with Microsoft Office and analytical software
- Extensive background in threat intelligence, geopolitical analysis, or security operations across corporate, government, or consultancy settings
- Familiarity with mass notification systems and social media monitoring tools
- Proven ability to lead editorial processes and develop team capabilities
- Ability to manage complex client requirements and cross-desk initiatives

Qualifications
- Bachelor's degree in Security Studies, International Relations, War Studies, Criminal Justice, or a related field; or equivalent professional experience
- Minimum 3 years of experience in threat intelligence, geopolitical analysis, or security operations
- Ability to work flexible hours including evenings, weekends, and holidays as operational needs dictate. Schedule may include rotating shifts and on-call responsibilities to ensure continuous coverage.

Additional Information

Interview Process
- Initial call with our Talent Acquisition team member
- Timed written assessment (arranged at a time that suits you) to test writing and analytical capability
- Panel interview with some of the team members and hiring managers at Sibylline

Research indicates that certain groups are less likely to apply for a position unless they meet every single requirement. If you feel you meet some of the requirements and can offer a unique perspective to this role, we strongly encourage you to apply: you might be the perfect fit we're looking for! Sibylline is committed to the recruitment and selection of candidates without regard for sexual orientation, gender, ethnicity, age, political beliefs, culture, and lifestyle.
We are committed to fostering a business culture that reflects these values and promotes equal opportunity.




