Principal Threat Researcher, Cloudflare

$193-260k

+ Equity

Python
Expert level
Remote in EU
Cloudflare

Web performance and security platform

Job no longer available

1001+ employees

B2B, Enterprise, Analytics, SaaS, Cyber Security

Company mission

Cloudflare's mission is to help build a better Internet that is bold and ambitious.

Role

Who you are

  • Strong candidates will have excellent OSINT research skills, substantial experience in Threat Intelligence (in particular, expertise in APTs), a strong technical foundation, practical knowledge of intelligence report writing, demonstrable ability to drive concurrent, interdepartmental projects to completion, and ability to work well in a group of distributed remote team members
  • Deep understanding of the cyber threat landscape and the intelligence lifecycle
  • Proven expertise in tracking and clustering multiple threat groups using techniques such as the Cyber Kill Chain or Diamond Model of Intrusion Analysis
  • Experience with open source intelligence gathering tools and techniques
  • Experience tracking and analyzing cyber campaigns utilizing structured analytical techniques involving numerous sources of threat intelligence and varied forms of threat data
  • Understanding of the latest security trends as they relate to cyber threat adversary operations and motivating factors
  • Exceptional analytical and critical thinking skills
  • Experience in network and/or host-based intrusion analysis
  • Proficiency in one of the following: packet and/or metadata analysis
  • Strong knowledge of networking protocols (e.g., TCP/IP) and datasets relevant to intrusion and network infrastructure analysis
  • Experience using a comprehensive data analysis platform, with ability to recognize patterns and transform data into useful information
  • Advanced communication (written and verbal) and presentation skills, both internally to CXO level and externally to clients
  • In-depth knowledge of technical reporting and editing
  • Ability to synthesize technical information and document it, in both a technical and non-technical manner, through written, graphical and verbal representation
  • One of the following:
      • BA/BS or equivalent in Computer Science, Computer Engineering, Information Security, Computer Security, Information Systems, Intelligence, or related discipline, OR
      • Military training and experience in Cyber Intelligence, General Intelligence Studies, Security Studies, or related discipline
  • At least 10 years' experience in one or more of the following:
      • Intrusion analysis
      • Cyber threat hunting
      • Cyber threat intelligence
      • Incident response
      • Network defense
      • Endpoint forensics
      • Malware analysis
  • Excellent teamwork and interpersonal skills with ability to collaborate with a globally distributed team
  • Willing and eager to share knowledge and mentor colleagues on intrusion analysis and threat intelligence best practices

Desirable

  • MA/MS or equivalent in Computer Science, Computer Engineering, Information Security, Computer Security, Information Systems, Intelligence, or related discipline
  • Expert knowledge of state-sponsored APT groups in Eastern Europe
  • Foreign language proficiency with preference for Russian
  • Reverse engineering, malware triage, or forensic analysis
  • Prior intelligence community background

What the job involves

  • Cloudflare is a system spanning the globe, on a mission to make the internet better, safer, and more powerful every day
  • To help fulfill this mission, we are seeking a talented Principal Threat Researcher to join us in growing our Cloudforce One Organization, where you will be instrumental in building a proactive and threat intelligence-driven approach to protecting Cloudflare and its customers from sophisticated and ever-evolving global threat actors
  • This position requires an innovative, OPSEC-savvy, self-starting, and detail-oriented problem solver with a passion for identifying, tracking, and defeating sophisticated cyber threats
  • As a Principal Threat Researcher, you will monitor cyber threat activity, trends, and methodologies across multiple platforms, supporting both client requests and proactive internal research
  • You will serve a leading role in the discovery and analysis of cyber threat adversaries, their Tactics, Techniques, and Procedures (TTPs), along with applying knowledge of transnational issues and geopolitical developments to understand adversary actions and anticipate their next moves
  • Work will involve developing and maintaining sources of threat intelligence to enable analysis, as well as examining and mitigating threats in real time, leveraging emerging technologies to develop advanced tactical and strategic countermeasures
  • You will also collaborate with engineering teams to ensure relevant data and analytics are incorporated in internal platforms to improve and/or automate threat research workflows
  • In this role, you will obtain key threat intelligence information, synthesizing both technical and non-technical datasets to derive unique insights and author timely reporting related to adversary activity
  • Reporting will range from brief descriptions of threat actors and their activity to finished intelligence products for clients and the general public
  • This will include proposing subject matter for proactive reporting on threat actor TTPs and trends, as well as leading corresponding reporting efforts
  • Additionally, Principal Threat Researchers will support priority intelligence requirements, ensuring Cloudforce One focuses resources and efforts on our clients' most relevant and crucial intelligence needs

Our take

Cloudflare is a multi-service global network that provides web security and infrastructure, DDoS mitigation services, and a content delivery network. Founded in 2009, Cloudflare has risen to become an industry giant, with around 25 million global internet properties on its network.

Cloudflare has been responsible for a number of admirable initiatives, offering free web protection to human rights groups, journalists, artists, and US election websites. This goes some way to counteracting the flak Cloudflare has received in some circles for the controversial groups and users who use its services. This chequered history, however, has not affected its over 80% market share in the content delivery network field.

This is perhaps in part because it has proven sharp at staying abreast of the rapidly morphing tech and digital space and customer demands. For example, Cloudflare is shifting to 100% renewable energy usage to create a zero-emissions internet, and in 2020 released a feature that would help users navigate data privacy regulations by selecting where their data is stored.

The cloud infrastructure market reached $53 billion in 2022. While the Big 3 (Amazon, Microsoft, and Google) own 65% of the market, that still leaves billions of dollars for companies such as Cloudflare. Its ambitious and successful work is likely to continue being a crucial feature of the web, but in 2023 that work placed it in the crosshairs of hackers looking to exploit its infrastructure. The beginning of 2024 saw Cloudflare vow to bolster its security and patch vulnerabilities.

Steph

Company Specialist

Insights

Led by a woman

Few candidates hear back within 2 weeks

16% employee growth in 12 months

Company

Company benefits

  • Minimum 8 weeks of paid parental leave
  • Equal opportunity employer
  • Unlimited paid time off policy
  • Work from home opportunities
  • Medical, Dental & Vision Insurance
  • Life Insurance, Disability Insurance
  • 401(k) plans
  • Family planning and fertility program
  • Gym discounts
  • Commuter Benefits Program

Company values

  • Principled - We create our products and features with a global mindset and democratize important and innovative technologies that drive adoption of the latest standards
  • Curious - Our team is made up of pioneering innovators that approach new challenges with interest and a desire to learn
  • Transparent - We hold ourselves accountable when we make mistakes—and we do everything we can to learn from them

Company HQ

China Basin, San Francisco, CA

Founders

Lee Holloway

(Lead Engineer)

Lee started their career as an Engineer at Homewarehouse for a year before working at Unspam Technologies for 4 years. They co-created Project Honey Pot in 2004 and Cloudflare in March 2009, serving as Lead Engineer of both to present.

Michelle Zatlyn

(President & COO)

Having worked for Investor Economics and I Love Rewards for a combined 4 years, Michelle worked at Toshiba for 3 years as a Product Manager. She then co-founded Cloudflare in 2009 as COO, and has served as President since 2020. She is also a Board Member at Atlassian.

Matthew studied for an MBA at Harvard Business School before co-founding Unspam Technologies in December 2001, and Cloudflare as CEO in March 2009.
