Senior Cloud Intelligence Analyst

Red Canary Remote Full-time

Who We Are
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company who protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.
The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on Built In’s 2025 Best Places to Work list. If our mission resonates with you, let’s talk.
What We Believe In
– Do what’s right for the customer
– Be kind and authentic
– Deliver great quality
– Be relentless
Challenges You’ll Solve
The Red Canary Intelligence Team conducts in-depth analysis to provide context and help prioritize where to focus detection and response efforts. As a key contributor, you will investigate raw telemetry, analyze suspicious and confirmed threats, and conduct open-source research to associate activity with known adversaries. A significant focus is on researching identity-based threat actors and  cloud-targeted TTPs  across infrastructure services like AWS, GCP, and Azure, as well as platform services such as Okta, EntraID, and Kubernetes. Curiosity, adaptability, and a passion for addressing evolving threats will be vital for success in this dynamic, mission-driven team.
The role requires strong collaboration, outstanding communication, and experience in open-source threat research. A solid understanding of cyber threat intelligence and adversary behaviors is essential, alongside proficiency in analytical and problem-solving skills. Responsibilities include developing intelligence on emerging threats, producing actionable intelligence reports, defining new threat clusters, and identifying opportunities to bolster our  detection and response capabilities. Additionally, you will engage with internal teams, external partners, customers and the broader infosec community to communicate unique trends and noteworthy threat actor TTPs through blogs and presentations. This role involves staying updated on emerging threats, suggesting workflow improvements, and supporting customers in understanding and responding to their specific threat models.
If you bring a mix of these skills, we encourage you to apply—even if you don’t meet every requirement. The role will adapt to the person who joins.

What You’ll Do

  • Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces
  • Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions. Work with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale.
  • Conduct open and closed source research to associate suspicious activity with known threats and to communicate threats of concern to our customers. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more.
  • Process and analyze patterns and trends in detections and write actionable intelligence products  to track TTPs, detection coverage, and remediation strategies.
  • Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base.
  • Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
  • Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration.
  • Respond to customer questions about threats to help them understand their threat model, what matters to their organization, and what actions they can take in response to various threats.
  • Validate Red Canary’s detection coverage against the continuously evolving threat landscape and identify unique or emerging threats to build detection coverage for.
  • Mentor team members and contribute to the development of intelligence analysis expertise. Suggest new methods, processes, and products that the team could adopt to help us achieve our mission and improve our workflows.

What You’ll Bring

  • Experience with, or a drive to research, cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces, and cloud attack techniques or cloud-based threat groups.
  • Proficiency in analytical problem-solving, quick learning of tools, and familiarity with query languages and data platforms like SQL, Splunk, Elasticsearch, Synapse Storm, or others.
  • Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information.
  • Experience in open-source threat research, including social media, blog posts, and malware sandboxes.
  • Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting..Familiarity with the mechanics of attack behaviors and MITRE ATT&CK ®.
  • Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters.
  • Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike.
  • Experience in Intelligence,  Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles
  • Curiosity and adaptability to dive into data, tackle new challenges, and thrive in a fast-paced environment.