Threat Intelligence Investigator / Lead

HUMAN was founded in 2012 in a Brooklyn sci-fi bookstore by Tamer Hassan, Michael Tiffany, Dan Kaminsky, and Ash Kalb. Our humble beginnings led to the creation of the Human Verification Engine, the backbone of all our products that protect enterprises from sophisticated bots. Today we verify the humanity of more than 15 trillion interactions per week for some of the largest companies and internet platforms across the internet. Our hacker roots still permeate everything we do. You will be a part of the HUMAN front line in our commitment to helping protect companies (and in turn, their customers) from both revenue and reputation risk caused by malicious bots. However, HUMAN is not the center of this story. Humans like yourself are. We firmly believe in putting people first. This approach spans our extensive benefits and day-to-day culture in order for every human to do the best work of their life. We want to hear about the marathon you’re training for. We want to see pictures of your pets. We want to know your favorite robot (we have many). The HUMAN R&D team is pivotal to our mission to protect the heart of the internet by disrupting the economics of cybercrime. They are the ones uncovering and fighting bot operations like PARETO, ICEBUCKET, 3ve, and Methbot. HUMAN supports our R&D humans by strongly valuing deep work and flexibility. Company-wide meeting-free Fridays give you uninterrupted time to work on your projects. Additionally, this team is encouraged to participate in R&D Research Friday - a designated half-day each week dedicated to trying new ideas and personal career development. HUMAN is fully committed to flexible working arrangements, or as we call it, work from anywhere, anytime. All of this is to ensure our humans are able to do the best work of their lives. We want to work with people like you who break down problems to build up better solutions. That’s what makes us HUMAN.  In this role, you will be part of a small team of highly skilled hackers, intelligence investigators and software engineers who continuously hunt for threats, develop detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers and keeping the internet human.You should be passionately curious and strive to work smart and fast to help produce insights that HUMAN has never seen before. You must use your skills to proactively identify new and emerging threats, hunt cyber threats to pinpoint nefarious activities on the internet and attribute these threats to botnets, campaigns, and actors.

What you will do:

• Perform investigations to respond to threat detection and intelligence requests utilizing threat hunting &  intelligence analysis. You will be using Humans’ proprietary unique data sources and OSI. 
• Prepare and deliver briefings and research to customers, security teams and public
• Discover and track adversary tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs)  focusing on automated fraud activities .
• Work with customers on their  intelligence requirements and threat events.
• Orchestrate and automate your threat hunts.
• Knowledge and curiosity of cyber security trends and events related to our mission.

Who you are (Culturally):

• Comfortable to do detailed presentations of your current investigations
• Flexibility in adapting to new tasks, workflows and technologies
• Work and communicate your research with other teams 
• Comfortable working remotely with Geographically diverse team
• Keen interest in Investigating cybersecurity issues
• Kindness :) 

Who you are (technically): Need some not all of the following

• Deep understanding of botnets and web automation tools and attacks
• Hunting the actual actors behind observed attacks, fraud and botnet activities
• Stront OSINT investigation and hunting skills
• Deep understanding of network based and client side attacks
• Converting intelligence into actionable Signals
• Familiar with traffic collection & analysis  tools like Wireshark/BURP
• Familiarity with Snowflake or other SQL DBs.
• Familiar with internet log sources
• Comfortable with using both open and closed intelligence sources 
• Experience with hunting/IR tools : WHOIS, VT, 
• Experience with Scripting/Programming Languages 
• You have devoted time to exploring one or more of the following:
• Browser and Web Threats, such as malicious plug-ins, headless browsers, exploitation of browser security flaws
• Mobile (Android and/or iOS) and IoT Computing,
• Packet analysis, reverse engineering
• Malware and its C2 Infrastructure
• Advertising and e-commerce fraud

Life at HUMAN:HUMAN prides itself on being an equal opportunity workplace. We firmly believe in putting people first regardless of who you are, where you come from, how you identify, or who your favorite robot is (we have many). We are on a mission to protect the integrity of the internet for everyone, so we welcome all individuals to come to share their unique experiences and perspectives as we fight against cybercrime together!With Humans located in all parts of the world, we’ve fully embraced our diversity of thought and are always looking for innovative ways to connect with one another - even in virtual reality! Although New York City is our HQ, with teams in London, Virginia, and Victoria, we trust our Humans in choosing where they work and how they work. The benefits package we provide reflects our remote-first culture and our commitment to our Humans’ personal career development, which includes annual stipends for home office setup, wellbeing, and learning & development. We also offer weekly lunches, flexible time off, no-meeting Fridays, HUMAN days, sabbatical programs, and so much more.We’re constantly trying to anticipate the needs of our Humans to ensure each one of us is equally prepared to do some of the best work of our life. Taking care of one another is part of the HUMAN experience and how we build true HUMAN connections.If you are an individual with a disability or special need that requires accommodation, please contact us directly.