About the Role
Abnormal Security is looking for a Threat Intelligence Analyst with expertise in threat hunting, detection engineering, and operational intelligence to combat cloud-based phishing attacks, account takeovers (ATO), and business email compromise (BEC). In this role, you will perform threat hunts in Cloud/SaaS environments, extract actionable intelligence, and collaborate with R&D and Engineering teams to enhance security detections and counter evolving adversary tactics.
Who You Are
* Deeply experienced in Threat Intelligence & Threat Hunting, with a focus on Cloud/SaaS threats.
* Strong understanding of phishing, cloud-native threats, and adversary TTPs targeting identity and email security.
* Data-driven mindset, with experience analyzing large datasets using SQL, PySpark, and other query-based analysis tools.
* Skilled at bridging threat intelligence with engineering teams, ensuring insights translate into effective security controls.
* Comfortable working in agile, cross-functional teams, driving threat research into practical security improvements.
* Proven ability to present complex technical concepts to both technical and non-technical audiences.
* Results-driven, highly collaborative, self-motivated, and adaptable in fast-paced environments.
What You Will Do
Threat Hunting & Threat Intelligence
* Perform threat hunting and investigative research in Cloud/SaaS environments, focusing on email security, phishing, and account takeovers.
* Identify MFA bypass techniques, phishing infrastructure, and cloud-native attack methods targeting enterprise SaaS environments.
* Fuse internal telemetry, OSINT, and third-party intelligence sources to uncover and disrupt evolving threat actor campaigns.
* Develop threat models and attack hypotheses to identify new cloud-focused attack vectors.
* Conduct incident triage and investigative support for escalated incidents, providing internal teams with expertise on threat actors’ tools, techniques, and procedures (TTPs).
Detection Engineering
* Collaborate with R&D and Engineering teams to translate threat intelligence into scalable detections and mitigations.
* Design and refine cloud threat detection logic, hunting queries, and behavioral analytics to identify attacker activity.
* Analyze phishing toolkits, adversary infrastructure, and cloud-native attack methodologies to enhance proactive defenses.
* Work with product security teams to improve email security and identity protection mechanisms in Cloud/SaaS platforms.
Security Research
* Track and analyze threat actor groups, phishing campaigns, and cloud-based attack methodologies.
* Provide technical intelligence briefings to R&D and Engineering teams to inform security product improvements.
* Partner with internal stakeholders to evaluate emerging threats and recommend security enhancements for SaaS environments.
Must Haves
* Deep Expertise: 5+ years in cyber threat intelligence, threat hunting, or security research.
* 3+ years of experience in threat hunting and threat research within cloud ecosystems.
* Expertise in cloud security, SaaS-based attacks, and email security threats (ATO, BEC, phishing, MFA bypass, etc.).
* Strong data analysis skills with experience using SQL, PySpark, or other query languages to investigate large-scale threats.
* Deep understanding of MITRE ATT&CK, phishing tactics, and adversary infrastructure analysis.
* Hands-on experience with email security platforms, cloud threat analytics, and security automation.
* Collaborative Mindset: Ability to work cross-functionally with other departments such as R&D, Engineering, and Operations to achieve comprehensive cybersecurity coverage.
Nice to Have
* Security certifications (GCTI, GCFA, CISSP, or similar).
* Experience in security engineering, cloud-native security, or advanced detection development.
* Background in threat modeling, adversary emulation, or attacker TTP analysis.
* Experience working in high-scale SaaS environments, analyzing large security datasets.