[Remote] Sr. Intelligence Analyst - DPRK Mission (Remote)
Note: The job is a remote job and is open to candidates in USA. CrowdStrike is a global leader in cybersecurity, dedicated to stopping breaches through advanced AI-native platforms. The Senior Intelligence Analyst will track and analyze DPRK-nexus cyber operations, produce intelligence assessments, and engage with internal and external stakeholders to enhance security measures.
Responsibilities
- Track adversary campaigns, tactics, techniques, and procedures (TTPs) through analysis of CrowdStrike's unique telemetry, open-source data sets, and third-party intelligence
- Author high-quality short and long format written reports independently that apply analytic tradecraft, including appropriate use of estimative language, confidence levels, and structured analytic techniques
- Generate reporting from a range of sources with minimal factual or accuracy errors and strong style, in line with CrowdStrike Intelligence standards
- Actively engage with inter-team discussions, including participation and leadership of groups in which you are the subject matter expert
- Identify intelligence gaps and propose research projects to address collection shortfalls, proactively seeking opportunities to collaborate on products with other teams
- Regularly conduct peer review of reporting by team members to maintain CrowdStrike Intelligence's analytic standards for accuracy, clarity, and objectivity
- Lead and participate in analytic discussions, respecting and incorporating input from others into investigations
- Prioritize, categorize, and respond to requests for information from internal and external customers, serving as a responsive go-to person on specific topics
- Identify and contribute to customer engagements and requests as directed for internal teams and external customers, actively contributing to resolving crisis situations
- Conduct briefings independently for a variety of customer levels via phone, video conference, webcast, in-person, or industry conferences
- Identify opportunities for automation and process improvements, contributing to the development of automation tools within existing frameworks
- Leverage cross-team contacts and inter-organizational partnerships to communicate and coordinate analytical priorities
- Track DPRK-nexus financial operations, including cryptocurrency theft, money laundering tradecraft, and blockchain-based sanctions evasion activity, and assess implications for adversary capability development and operational tempo
- Develop and maintain technical infrastructure tracking for DPRK-nexus adversaries, including use of tools such as Censys, VirusTotal, DomainTools, and Netflow to identify, pivot on, and document adversary infrastructure
- Contribute to team knowledge transfer through peer review, mentorship of junior analysts, and documentation of analytical methodologies and research findings in shared knowledge stores
- Support production planning discussions and contribute to prioritization of analytical workstreams and mission coverage
Skills
- Self-motivated professional with 3+ years' experience in a threat intelligence environment, with demonstrated expertise in DPRK cyber operations
- Advanced knowledge of threat intelligence research/collection tools and analytical tradecraft methods
- Demonstrated ability to identify, organize, catalog, and track adversary tradecraft trends — often with incomplete data
- Proven ability to produce a consistent stream of high-quality finished intelligence products on short deadlines independently, as well as maintaining analysis for long-term strategic assessments
- Strong understanding of technical concepts related to cyber threat research and ability to effectively communicate those concepts in written reporting
- Ability to conduct technical analysis of the tools and tradecraft employed by threat actors, as well as to enumerate and monitor threat actors' infrastructure
- Demonstrated proficiency with infrastructure tracking tools (e.g., Censys, VirusTotal, DomainTools, Netflow, or equivalent) and ability to document methodology, pivot logic, and findings in a format that enables team-level knowledge transfer
- Demonstrated experience effectively coordinating research projects and written products among various sets of subject matter experts and technical specialists
- Strong understanding and application of adversary attribution concepts and ability to present attribution points in complex cases and work with other SMEs to gain consensus
- Excellent knowledge of geopolitical issues specific to the DPRK (including North Korean strategic objectives, Korean Peninsula security dynamics, regional politics, and the DPRK's use of cyber operations for revenue generation and sanctions evasion) and ability to use that information to support understanding of current and future impacts on the cyber threat landscape
- Conducts self-driven research and reading, with excellent awareness of the state of the field and knowledge of the CrowdStrike Intelligence ecosystem as it relates to the DPRK mission
- Understanding of multiple sources that inform analysis and awareness of priorities within the mission area
- Acts as a role model for analytical objectivity and independently resolves analytical disagreements
- Ability to act as a steady and reliable point of contact in times of high stress
- Familiarity with cryptocurrency tracking platforms (e.g., Chainalysis, TRM Labs, or equivalent) or demonstrable ability to rapidly develop proficiency; understanding of blockchain-based money laundering and sanctions evasion techniques as they relate to state-sponsored cyber operations
- Experience functioning as a team lead, senior contributor, or de facto subject matter expert within an intelligence production team; demonstrated ability to model analytical and technical methodology for less experienced analysts
- Track record of proactive initiative in identifying and filling intelligence gaps, coordinating cross-team products, and driving analytical work to completion with limited direction
- Education: Undergraduate degree, military training or relevant experience in cyber intelligence, computer science, general intelligence studies, security studies, political science, international relations, etc
Benefits
- Eligibility for bonuses
- Equity grants
- A comprehensive benefits package that includes health insurance, 401k and paid time off
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe
Company Overview