Cyber Threat Analyst

Chainlink Labs
Full-time
Remote
United States
Software / IT

The Cyber Threat Analyst is responsible for conducting cyber threat intelligence analysis with a strong technical emphasis on infrastructure pivoting, malware analysis, and detection engineering in alignment with Chainlink Labs’ vision and objectives. The Analyst will play a critical role in proactively identifying, analyzing, and mitigating sophisticated cyber threats, dissecting malware and adversary techniques, conducting technical threat research, and developing detection methodologies to enhance security posture.

Your Impact

  • Proactively track malicious infrastructure and hunt for new malware samples and adversary tools in order to identify new adversary tooling, detection opportunities, and mitigation strategies.
  • Create precise detection rules (e.g., YARA, Sigma) and develop custom tools and scripts to identify malicious activity proactively.
  • Conduct deep-dive intelligence analysis and investigations related to suspicious activity and attempted attacks.
  • Serve as an SME for malware reverse engineering, with a focus on ARM binaries.
  • Maintain a working knowledge of adversarial tactics and techniques, and how they are being used to achieve current objectives.
  • Collaborate with and support the investigations of other Cybersecurity Operations and Information Security teams.

Requirements

  • At least two years of experience in cyber threat analysis or threat investigations.
  • Demonstrated high-level understanding of recent cyber trends, campaigns, incidents, and threat actor groups.
  • Familiarity with Vertex Synapse and its Storm scripting language or experience with similar intelligence analysis tools.
  • Real-life experience in detection engineering, including using SIEMs and writing effective detection rules in YARA or Sigma.
  • Experience using technical data sources like file repositories, passive DNS, or internet service scans for threat research purposes.
  • Understanding of network protocols such as HTTP, DNS, TLS.
  • Prior experience with automated malware sandboxes to analyze malicious samples and identify detection opportunities.
  • Proficiency with reverse engineering tools, such as Binary Ninja and Ghidra.

Preferred Requirements

  • In-depth understanding of threats targeting the blockchain ecosystem, especially in relation to their tools and tradecraft, and how web2 threats affect web3 systems.
  • Proven track record of building and maintaining logging, analysis, or enrichment pipelines; preferred languages include Python, Rust, or Golang.
  • Excellent verbal and written communication skills with prior experience in presenting research findings to internal and external stakeholders.
  • Understanding of structured analytic techniques to help mitigate bias in analysis.