Senior Identity Intelligence Analyst

Who We AreRed Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company who protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.
The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on the Forbes Best Start-up Employers 2022 list.  If our mission resonates with you, let’s talk.
What We Believe In- Do what’s right for the customer- Be kind and authentic- Deliver great quality- Be relentless
Challenges You Will SolveThe Red Canary Intelligence Team conducts in-depth analysis to provide context and help prioritize where to focus detection and response efforts. As a key contributor, you will investigate raw telemetry, analyze suspicious and confirmed threats, and conduct open-source research to associate activity with known adversaries. A significant focus is on researching identity-based threat actors and  cloud-targeted TTPs  across infrastructure services like AWS, GCP, and Azure, as well as platform services such as Okta, EntraID, and Kubernetes. Curiosity, adaptability, and a passion for addressing evolving threats will be vital for success in this dynamic, mission-driven team.
The role requires strong collaboration, outstanding communication, and experience in open-source threat research. A solid understanding of cyber threat intelligence and adversary behaviors is essential, alongside proficiency in analytical and problem-solving skills. Responsibilities include developing intelligence on emerging threats, producing actionable intelligence reports, defining new threat clusters, and identifying opportunities to bolster our  detection and response capabilities. Additionally, you will engage with internal teams, external partners, customers and the broader infosec community to communicate unique trends and noteworthy threat actor TTPs through blogs and presentations. This role involves staying updated on emerging threats, suggesting workflow improvements, and supporting customers in understanding and responding to their specific threat models.
If you bring a mix of these skills, we encourage you to apply—even if you don’t meet every requirement. The role will adapt to the person who joins.

What You’ll Do

• Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces
• Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions. Work with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale.
• Conduct open and closed source research to associate suspicious activity with known threats and to communicate threats of concern to our customers. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more.
• Process and analyze patterns and trends in detections and write actionable intelligence products  to track TTPs, detection coverage, and remediation strategies.
• Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base.
• Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
• Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration.
• Respond to customer questions about threats to help them understand their threat model, what matters to their organization, and what actions they can take in response to various threats.
• Validate Red Canary’s detection coverage against the continuously evolving threat landscape and identify unique or emerging threats to build detection coverage for.
• Mentor team members and contribute to the development of intelligence analysis expertise. Suggest new methods, processes, and products that the team could adopt to help us achieve our mission and improve our workflows.

What You’ll Bring

• Experience with, or a drive to research, cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces, and cloud attack techniques or cloud-based threat groups.
• Proficiency in analytical problem-solving, quick learning of tools, and familiarity with query languages and data platforms like SQL, Splunk, Elasticsearch, Synapse Storm, or others.
• Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information.
• Experience in open-source threat research, including social media, blog posts, and malware sandboxes.
• Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting..Familiarity with the mechanics of attack behaviors and MITRE ATT&CK ®.
• Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters.
• Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike.
• Experience in Intelligence,  Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles
• Curiosity and adaptability to dive into data, tackle new challenges, and thrive in a fast-paced environment.

The targeted base salary for this role is $140,000 - $170,000 per year. This role is also eligible for participation in the company's bonus program, and eligible for a grant of stock options, subject to the approval of the company's board of directors. The application deadline is February 28, 2025.
Benefit Highlights:- 100% Paid Premiums:  Red Canary offers a 100% paid plan option for medical, dental and vision for you and your dependents. No waiting period.- Health & Wellness - Access to mental health services, Employee Assistance Program and additional programs to incentivize healthy habits.  - Fertility Benefits: All new hires are eligible for benefits as of their first day.- Flexible Time Off: Take the time you need to recharge including vacation, sick, bereavement, jury duty, and holidays. - Paid Parental Leave- Full base pay to bond/care for your new child.- Pre-Tax Plans - Red Canary offers a variety of plans to fit you and your dependent specific needs including FSA, HRA and HSA, with employer funding to offset out of pocket health care expenses. - Flexible Work Environment- With 60% remote workforce, Canaries can work virtually from almost anywhere in the US.
Why Red Canary?Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way. 
At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:https://resource.redcanary.com/rs/003-YRU-314/images/RedCanary_2025BenefitsSummary.pdf?version=0
Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. Apply