Global Threat Intelligence Researcher

WHO ARE WE?

We are a bunch of super enthusiastic, passionate, and highly driven people, working to achieve a common goal We believe that work and the workplace should be joyful and always buzzing with energy

CloudSEK, one of India's most trusted Cyber security product companies, is on a mission to build the world's fastest and most reliable AI technology that identifies and resolves digital threats in real-time. The central proposition is leveraging Artificial Intelligence and Machine Learning to create a quick and reliable analysis and alert system that provides rapid detection across multiple internet sources, precise threat analysis, and prompt resolution with minimal human intervention.

Founded in 2015, headquartered at Singapore, we are proud to say that we've grown at a frenetic pace and have been able to achieve some accolades along the way, including:

CloudSEK's Product Suite:

• CloudSEK XVigil constantly maps a customer's digital assets, identifies threats and enriches them with cyber intelligence, and then provides workflows to manage and remediate all identified threats including takedown support.
• A powerful Attack Surface Monitoring tool that gives visibility and intelligence on customers' attack surfaces. CloudSEK's BeVigil uses a combination of Mobile, Web, Network and Encryption Scanners to map and protect known and unknown assets.
• CloudSEK's Contextual AI SVigil identifies software supply chain risks by monitoring Software, Cloud Services, and third-party dependencies.

Key Milestones:

• 2016: Launched our first product.
• 2018: Secured Pre-series A funding.
• 2019: Expanded operations to India, Southeast Asia, and the Americas.
• 2020: Won the NASSCOM-DSCI Excellence Award for Security Product Company of the Year.
• 2021: Raised $7M in Series A funding led by MassMutual Ventures.
• Awards & Recognition: Won NetApp Excellerator's "Best Growth Strategy Award," CloudSEK XVigil joined NVIDIA Inception Program, and won the NASSCOM Emerge 50 Cybersecurity Award.
• 2025: Secured $19 million in funding led by Tenacity Ventures, Commvault.

We are seeking a highly motivated and analytical Threat Intelligence Researcher to join our Global Threat Intelligence Team. The researcher will focus on tracking global threat activity, including ransomware operations, cybercrime ecosystems, etc., through a combination of infrastructure analysis, IAV (Initial Access Vector) mapping, and cyber HUMINT source development. The role requires a strong grasp of MITRE ATT&CK, MITRE Engage, the Diamond Model, and the Cyber Kill Chain, applied in operational and strategic research contexts.

• Conduct ransomware IAV (Initial Access Vector) mapping to understand infiltration patterns, affiliate ecosystems, and monetisation structures.
• Perform e-crime and underground forum research to identify, profile, and map threat actors (TAs), their infrastructure, tools, and tradecraft.
• Execute infrastructure hunting campaigns focusing on APT and e-crime C2 frameworks, leveraging passive DNS, TLS certificates, and web fingerprinting techniques.
• Develop and maintain cyber HUMINT sources, focusing on early warning, infiltration, and intelligence collection aligned with organisational goals.
• Correlate and analyse global threat campaigns across ransomware, APT, and access broker ecosystems to identify shared TTPs and infrastructure linkages.
• Apply analytical models such as MITRE ATT&CK, MITRE Engage, Diamond Model, and Cyber Kill Chain to develop structured threat intelligence outputs.
• Produce tactical, operational, and strategic intelligence reports with actionable recommendations for global stakeholders.
• Contribute to tooling, automation, and methodology development for IAV mapping, C2 identification, and infrastructure clustering.

• 3+ years of experience in threat intelligence, malware analysis, threat hunting, or digital investigations.
• Proven experience in tracking ransomware groups, access brokers, or APT campaigns through open-source, dark web, and technical telemetry.
• Deep understanding of MITRE ATT&CK, MITRE Engage, Diamond Model, and Cyber Kill Chain frameworks.
• Familiarity with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver, Quasar, etc.) and infrastructure hunting methodologies.
• Practical experience with IAV analysis, including exploitation of vulnerabilities, phishing, and social engineering vectors.
• Strong OSINT and technical investigation skills (Shodan, Censys, FOFA, Netlas, VirusTotal, Hybrid Analysis, etc.).
• Experience in cyber HUMINT or engagement within closed threat actor communities is a strong plus.
• Ability to synthesise complex datasets into coherent, high-quality intelligence products.
• Excellent written and verbal communication skills for both technical and executive audiences.

• Background in incident response, reverse engineering, or network analysis.
• Experience with Python or automation scripting for data enrichment and infrastructure correlation.
• Prior contributions to threat research publications, advisories, or CTI community initiatives.

Benefits of Joining CloudSEK

We provide an environment where you can develop and enhance your skills while delivering meaningful work that matters. You'll be rewarded a competitive salary as well as a full spectrum of generous perks and incentives which include:

• Flexible working hours.
• Food, unlimited snacks and drinks are all available while at office.

And, the finest part is yet to come Every now and then we ensure to unwind and have a good time together, which involves games, fun, and soulful music. Feel free to show off your artistic side here