CTI Analyst (specializing in OSINT and Russian-speaking cybercrime investigations) - F/M/X
Job Description
📣 For the sake of accessibility and clarity, inclusive writing is not used in this ad. Terms used in the masculine gender refer to both the feminine and masculine genders.
With the OWN Computer Emergency Response Team (OWN-CERT), your mission will be to research, investigate, capitalize on and analyze the elements available in open sources published by cybercriminals and other malicious actors, in order to understand their modus operandi.
You will work within a team of analysts specialized in Cyber Threat Intelligence combining CERT activities and threat analysis. You will participate in the monitoring, production and daily capitalization of technical and strategic intelligence, contextualized and actionable on Russian-speaking cybercriminal ecosystems, profiles of threat actors, tactics and techniques, tools and software, mitigations and countermeasures, exchanges and their motivations.
As an OWN-CERT analyst, you will participate in the development of deliverables (technical, tactical and strategic reports, overviews, actor sheets, indicators, matrices, tools, advice and services) that are operable and usable for our clients, in order to support them in improving their overall cybersecurity posture.
As a Cyber Threat Intelligence (CTI) Analyst, your missions will be 👩💻🧑💻
Operational missions:
- Tracking cybercriminal ecosystems by exploring exchanges and marketplaces to monitor malicious activity, cybercrime trends, and strategic movements within these communities;
- Analysis of trends in publications, recruitment, data leaks, exploits and vulnerabilities. In case of specialization in a given geographical area, you may be required to contextualize the elements collected in their local language and cyber environment (examples: legal and regulatory framework, political and geopolitical environment, economy and technological infrastructure, culture and society, local cybercriminal groups, cybercrime trends and statistics);
- OSINT monitoring and investigation to enrich and contextualize the data and information collected by focusing on topics such as ransomware, Initial Access Brokers (IAB) and “as-a-service” cybercrime in general;
- Capitalization, feeding and maintenance of OWN-CERT CTI intelligence databases;
Production of information:
- Creation of actionable content of technical, tactical and strategic intelligence, including IOCs, exposure indicators, vulnerability and malware analyses, actor sheets, ecosystem maps, group analyses and geopolitical contexts.
- Writing technical and strategic reports relating to the analysis of cyber threats, for our clients.
Commitment and innovation:
- In-depth investigations into the actors, Tactics, Techniques and Procedures (TTPs) and infrastructures of cyber attacker groups linked to Russian-speaking cybercriminal communities.
- Contribution to OWN-CERT tooling and CTI Research and Development (R&D) initiatives, such as the Yellow Team laboratory, the creation of attack scenarios and the development of internal tools.
- Development of the service offering by actively participating in the innovation and continuous improvement of our CTI services.
- Dissemination of knowledge by promoting and sharing the work of OWN-CERT, through blog posts, conference participation, prospective reports, white papers and other publications.
Profile sought
We look forward to meeting you if 🤩
- You have a Bac+5 degree (engineer, developer, political science, etc.) or are self-taught, you have at least 3 years of experience in cybersecurity and monitoring of Russian-speaking cybercriminal ecosystems (forums, marketplaces, communication channels, etc.). You actively monitor cyber threats. You process data and information sources in Russian, English and French;
- You are passionate about cybersecurity;
- You are passionate about monitoring, technical and strategic analysis of cyber threats, monitoring publications on forums and marketplaces used by cybercriminals;
- You are fluent in Russian, English and French;
- You master advanced OSINT research techniques (advanced Internet research, database processing and enrichment, cybercriminal infrastructure mapping, metadata analysis, web scraping, fact checking and content analysis, crypto asset investigations, analysis of protocols such as WHOIS, Registration Data Access Protocol (RDAP), Domain Name System (DNS), etc.);
- You offer very good writing quality in English, Russian and French;
- You have an analytical and synthetic mind;
- You are proactive and creative;
- You are autonomous while maintaining a strong team spirit;
👀 Are you interested in this position but feel like you don't tick all the boxes? Apply without hesitation and tell us in the cover letter space why we absolutely must meet you!
Conduct of interviews
📝 Here's what awaits you if you apply:
- First telephone conversation with Fanny (HR Director) or Nisa (HR Manager) (30')
- Two interviews with our operational staff (60')
- Discussion (again!) with the HR team to understand your aspirations in detail and validate together that if we make you an offer, it will correspond to you 100% (45')
On the agenda: discussions rather than trick questions! These moments of exchange will allow you to understand the functioning and values of OWN. But they are also (and above all) an opportunity for you to present your background and your expectations for your next job!
📣 At OWN, all applications are treated equally. We value diversity and strive every day to create and maintain an inclusive work environment for all our employees.