Additional Information
The Buyer Fraud Intelligence Unit (BFIU) within PRISM SWAT is seeking a Threat Intelligence Analyst to lead a net-new intelligence function within Buyer Risk Prevention (BRP). This role is responsible for proactively identifying, analyzing, and disrupting emerging buyer-related threats to Amazon through systematic intelligence gathering across dark web marketplaces, encrypted channels, and fraud-as-a-service platforms. You will establish investigation methodology, tradecraft standards, and tooling workflows while also delivering actionable intelligence that feeds directly into detection rules, ML model retraining, and Legal referrals.
This position is open to both internal and external candidates. Internal candidates with strong fraud investigation foundations and a willingness to develop specialized tradecraft are encouraged to apply.
Key job responsibilities
* Dark Web & Deep Web Intelligence Collection: Monitor and analyze dark web marketplaces, carding forums, private Telegram channels, Discord servers, and paste sites for Amazon-specific exploitation techniques and emerging fraud modus operandi.
* Threat Actor Profiling: Identify, profile, and track threat actors, fraud-as-a-service providers, and organized fraud rings targeting Amazon's buyer ecosystem.
* Fraud MO Investigation & Reporting: Produce ≥1 comprehensive fraud modus operandi investigation report per month for Legal, including threat actor attribution, technical indicators, and estimated business impact.
* Tradecraft & Methodology Leadership: Establish and maintain investigation methodology, operational security standards, and tooling workflows for the BFIU team.
* Mentorship & Team Development: Serve as team lead, mentoring fellow analysts, and building toward independent investigation capability across the team.
* Cross-Functional Collaboration: Partner with ML, Risk Mining, Engineering, Legal, and Law Enforcement teams to operationalize intelligence findings into detection rules, model features, and enforcement actions.
* Law Enforcement Coordination: Establish and maintain referral pathways with CPE, SPI-External Enforcement, and external law enforcement agencies.
* Urgent Threat Alerts: Issue real-time alerts when active exploitation campaigns targeting Amazon buyers are detected, enabling immediate defensive response.
* Tooling & Automation: Drive adoption and optimization of intelligence platforms (Flashpoint, Maltego) and build custom collection scripts and enrichment pipelines.
A day in the life
You move between deep web research, cross functional collaboration, and intelligence production. You might be tracking a fraud tutorial on a carding forum, mapping threat actor infrastructure using link analysis tools, or walking the ML team through the exact system decision points a fraud MO exploits. You mentor analysts on tradecraft and OPSEC, finalize evidence packages for Legal, and update threat actor profiles as new intelligence emerges. Some days are heads-down research in adversarial environments; others are translating findings into detection rules with engineering partners. The constant: your work disrupts threats before they reach scale.
Amazon.com · Seattle, WA