Cyber Threat Intelligence Research Intern

🕒 November 20, 2025

🌏 Anywhere in the World

👨‍🎓 Internship

⚪ Entry-level



cloudDFN

11 - 50 employees

Founded 2019

🔒 Cybersecurity

☁ SaaS

🤝 B2B


cloudDFN is a cybersecurity company offering WatchTower, a next-generation CAASM (Cyber Asset Attack Surface Management) platform that consolidates risk-based vulnerability management, external attack surface monitoring, dark web surveillance, third-party/vendor risk management, and compliance oversight into a single SaaS offering. The company also provides managed security services (24x7 SOC) and Penetration Testing as a Service (PTaaS), integrating with 30+ security tools to give organizations a unified view of their security posture. cloudDFN primarily targets enterprise and mid-market IT and security teams to help proactively identify, prioritize, and remediate risks.

📋 Description

• Monitor dark web forums, marketplaces, Telegram channels, paste sites, and other underground sources for potential leaks related to our customers (credentials, PII, configs, access offers, etc.).
• Identify and track threat actors, their aliases, activity patterns, and infrastructure.
• Use OSINT tools and frameworks (e.g., Maltego, SpiderFoot, Shodan, Censys, whois, etc.) to gather intelligence on domains, IPs, email addresses, and infrastructure related to threats.
• Correlate data from multiple sources (dark web, social media, news, public feeds) into meaningful intelligence.
• Build and maintain Python scripts to automate data collection from open sources and dark web mirrors/APIs.
• Clean, normalize, and enrich collected data (e.g., parsing stealer logs, extracting indicators of compromise, tagging entities).
• Contribute to the design and improvement of our Threat Intelligence strategy, including data sources, workflows, and prioritization.
• Create concise intelligence reports, dashboards, and alerts for internal teams and customers (what happened, who is behind it, impact, recommended actions).
• Maintain structured repositories of Indicators of Compromise (IOCs), TTPs, and threat actor profiles.
• Work with SOC / Incident Response teams to provide context for ongoing alerts and investigations.
• Map collected intelligence to frameworks like MITRE ATT&CK to understand and explain attacker behavior.
• Track emerging threat trends, new ransomware groups, exploit kits, and data leak forums.
• Document processes, tools, and findings so they can be reused by the wider team.

🎯 Requirements

• Strong interest in cybersecurity, threat intelligence, and attacker behavior.
• Good understanding of OSINT concepts and tools.
• Dark web vs deep web, Tor, and common underground ecosystems.
• Hands-on experience with Python for writing small scripts for data collection and parsing (web scraping, API calls, regex, etc.).
• Basic data handling (JSON, CSV, simple data analysis).
• Familiarity with basic networking concepts (IP, DNS, ports, HTTP/S).
• Common attack types (phishing, credential stuffing, ransomware, data breaches).
• Ability to read & interpret breach data (usernames, passwords, hashes, stealer logs) with a strong sense of confidentiality and ethics.
• Strong written communication skills to convert technical findings into clear summaries.

🏖️ Benefits

• Real-world exposure to dark web intelligence, stealer logs, and breach data workflows.
• Experience in building repeatable threat intel processes and automations.
• Mentorship from security engineers / analysts and a chance to influence how our Threat Intel function evolves.
• You don't need to know everything on day one, but you should be curious, comfortable experimenting with tools and scripts, and serious about responsible handling of sensitive data.
