Sr. Intelligence Analyst - DPRK Mission (Remote)
About the role
CrowdStrike Intelligence seeks a Senior Intelligence Analyst for its Global Threat Analysis Cell (GTAC) to track and analyze targeted intrusion activity associated with Democratic People's Republic of Korea (DPRK)-nexus adversaries. The Analyst will monitor DPRK-nexus cyber operations, identify emerging trends and threats, investigate suspected North Korean adversary activity, and produce strategic and tactical intelligence assessments and products that directly inform CrowdStrike customers.
Responsibilities
- Track adversary campaigns, tactics, techniques, and procedures (TTPs) through analysis of CrowdStrike's unique telemetry, open-source data sets, and third-party intelligence
- Author high-quality short and long format written reports independently that apply analytic tradecraft, including appropriate use of estimative language, confidence levels, and structured analytic techniques
- Generate reporting from a range of sources with minimal factual or accuracy errors and strong style, in line with CrowdStrike Intelligence standards
- Actively engage with inter-team discussions, including participation and leadership of groups in which you are the subject matter expert
- Identify intelligence gaps and propose research projects to address collection shortfalls, proactively seeking opportunities to collaborate on products with other teams
- Regularly conduct peer review of reporting by team members to maintain CrowdStrike Intelligence's analytic standards for accuracy, clarity, and objectivity
- Lead and participate in analytic discussions, respecting and incorporating input from others into investigations
- Prioritize, categorize, and respond to requests for information from internal and external customers, serving as a responsive go-to person on specific topics
- Identify and contribute to customer engagements and requests as directed for internal teams and external customers, actively contributing to resolving crisis situations
- Conduct briefings independently for a variety of customer levels via phone, video conference, webcast, in-person, or industry conferences
- Identify opportunities for automation and process improvements, contributing to the development of automation tools within existing frameworks
- Leverage cross-team contacts and inter-organizational partnerships to communicate and coordinate analytical priorities
- Track DPRK-nexus financial operations, including cryptocurrency theft, money laundering tradecraft, and blockchain-based sanctions evasion activity, and assess implications for adversary capability development and operational tempo
- Develop and maintain technical infrastructure tracking for DPRK-nexus adversaries, including use of tools such as Censys, VirusTotal, DomainTools, and Netflow to identify, pivot on, and document adversary infrastructure
- Contribute to team knowledge transfer through peer review, mentorship of junior analysts, and documentation of analytical methodologies and research findings in shared knowledge stores
- Support production planning discussions and contribute to prioritization of analytical workstreams and mission coverage
Requirements
Required:
- Self-motivated professional with 3+ years' experience in a threat intelligence environment, with demonstrated expertise in DPRK cyber operations
- Advanced knowledge of threat intelligence research/collection tools and analytical tradecraft methods
- Demonstrated ability to identify, organize, catalog, and track adversary tradecraft trends - often with incomplete data
- Proven ability to produce a consistent stream of high-quality finished intelligence products on short deadlines independently, as well as maintaining analysis for long-term strategic assessments
- Strong understanding of technical concepts related to cyber threat research and ability to effectively communicate those concepts in written reporting
- Ability to conduct technical analysis of the tools and tradecraft employed by threat actors, as well as to enumerate and monitor threat actors' infrastructure
- Demonstrated proficiency with infrastructure tracking tools (e.g., Censys, VirusTotal, D
Benefits
Additional Information
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed - we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.