【Key responsibilities】
- Threat Intelligence collection from OSINT (open-source intelligence), proprietary tools, or commercial systems.
- Threat Intelligence analysis and curation, to produce an accurate, timely, and relevant report for internal customers periodically.
- Handle TI inquiries from internal customers and conduct investigations using various in-house or 3rd party TI platforms or tools.
- Tracking of attack campaigns from cybercrime, ransomware, hacktivism and espionage adversary groups using all sources.

【Mandatory qualifications】
- Excellent information organization, critical thinking, and TI report technical writing skills in English.
- General reading proficiency in at least one of Chinese, Korean, Russian, or Japanese.
- Cybersecurity fundamentals: understanding of type of threats and vulnerabilities, network security, endpoint hacking and information operations.
- Strong ownership and sense of responsibility. Execute assigned tasks with little supervision, but know when to ask for help

【Desired qualifications】
【Medium Level】:
- 3+ years of work experience in IT engineering related fields: system engineer, IT consultants, information security or cybersecurity
- Experience/Knowledge of CSIRT, DFIR, SOC workflow, cyber alert triage, malware, APT espionage groups, or MITRE ATT&CK frameworks
- Passionate about learning new attack TTP (tactics, techniques, and procedures) and tracking malicious actors’ activities.
- Ability to understand cultural differences, international, nation and local regulation, and collaborate with other departments or subsidiaries.

【Senior Level】:
- 5+ years of work experience in Cyber Security / MSSP / Threat Intelligence fields: SOC Analyst, TI Analyst, DFIR Analyst.
- Independent research and tracking capability on APT campaign, eCrime adversary groups against enterprise CSIRT constituency.
- Familiar with multiple external TI tools such as VirusTotal Pro, DomainTools, passive DNS, urlscan pro, Maltego, or other TI platforms.
- Mentorship and development for junior members; hosting training for group subsidiary CSIRT customers.
- Good social networking skills or a prominent presence in TI or Security Communities.