ABOUT THE OPPORTUNITY
Internews is seeking a full-time Digital Security Threat Analyst to serve in a key position on a Global Technology project that will strengthen the resilience of human rights organizations and journalists to attacks by building local threat analysis and response capacity. The Digital Security Threat Analyst will play a crucial role in upskilling five Threat Labs on advanced threat research and analysis topics by providing advice, support, and trainings in addition to conducting advanced digital forensics. “Threat Labs” are local organizations with the technical capacity and appropriate tools to analyze suspicious phishing and malware samples and then share information back to the community regarding attack trends, emerging threats, and countermeasures. The Digital Security Threat Analyst will also serve as the primary point of contact for Internews engagements with private sector cybersecurity firms who provide pro bono assistance to our civil society project partners and will support relationship-building between Threat Lab partner organizations and private sector cybersecurity firms.
All candidates must have existing knowledge of methodologies and techniques for conducting significant threat research, both indirectly leveraging tools like VirusTotal as well as direct reversing or investigation of files. The successful candidate will demonstrate competency across several key areas: digital security training, collaboration with multiple partners, assessment of operational security approaches to follow for cybersecurity work, ability to craft IOCs for sharing and work with partners to craft the same, conversant in cybersecurity practices and formal frameworks (e.g. MITRE, CISecurity, CVE tracking, Indicators of Compromise, YARA, threat hunting, etc.), and understanding of or willingness to learn practical ways that low-resource organizations can improve their security. The ideal candidate will be familiar with MISP or comparable platforms, have extensive experience with digital security training or cybersecurity operations, and demonstrate mastery of threat analysis and forensics.
In addition, the successful candidate will be able to explain complex technical subjects clearly and kindly to non-technical audiences, while maintaining and building excellent relationships with both civil society and cybersecurity partners.
This position is part of Internews’ Global Technology team. We are a ~40-person, multilingual, multi-cultural team distributed across 11 countries. Our programs and initiatives:
- Defend and promote Internet freedom, particularly digital rights, digital safety, and anti-censorship technologies;
- Provide direct technological support to human rights defenders and independent journalists;
- Improve private sector accountability within the area of technology and human rights;
- Lead research into how human rights can be protected in closed and closing spaces.
You can learn more about the Global Technology Program at Internews here: https://internews.org/areas-of-expertise/global-tech/
LOGISTICS
This job is designed to be remote-first and will work with colleagues and partners around the globe, although candidates seeking an office-based position should feel free to express that desire. You should apply with the understanding that work hours will need to be coordinated to align in part with those of colleagues in the UTC +2 and UTC -5 time zones. This position will involve international travel (once it is safe to do so), including multiple trips to convenings of project partners and Internet Freedom and technology conferences.
Wherever possible, we try to find solutions for international hiring that work for both the company and the candidate. This means that some of the particulars around the offer for a role will be dependent on several factors, and that the benefits and salary structure that apply to a position will ultimately be based upon the candidate’s location and where the role is hired. Additionally, there are some locations in which Internews is not able to support fully remote work. You must have independent work authorization in your location.
OUR COMMITMENT TO FOSTERING A CULTURE OF BELONGING
We are an organization of dynamic, mission-driven individuals who are passionate about our core values and about supporting positive change in the world. We pride ourselves on our commitment to innovation and flexibility. We believe that diverse teams are strong teams and work to support an ethic of belonging, dignity, and justice for all people. Our current team includes a mix of genders, parents and non-parents, and people of multiple races, nationalities, ages, sexual orientations, and socioeconomic backgrounds. We are an EEO employer and encourage candidates of all races, genders, ages, orientations, ethnicities, and national origins to apply, and welcome those with alternative backgrounds and experiences.
DAY-TO-DAY TASKS will include:
Direct Support for Threat Labs
- Plan, implement, and lead upskilling of partner “Threat Lab” organizations in digital security, threat analysis, forensics, and threat sharing.
- Conduct threat analysis and threat sharing trainings for partner organizations.
- Lay out processes and workflows to start and maintain a Threat Lab, to be reviewed and implemented by partners at the regional level.
- Provide backstop support to Threat Lab partners by conducting threat analyses and sharing findings through standardized methods.
- Identify countermeasures to mitigate detected threats that might be followed by Human Rights Defenders, journalists, and other Civil Society actors with their available resources and technical familiarity.
Community Representation & Engagement
- Represent Internews in the digital security and threat sharing community, particularly with CiviCERT, NGO-ISAC, and FIRST threat-sharing groups.
- Engage with industry/cybersecurity/the private sector, including ThreatConnect, ESET, Chronicle, etc.
- Support relationship-building between Threat Lab partner organizations and private sector cybersecurity firms.
Reporting and Monitoring & Evaluation Efforts
- Produce both regional threat landscape reports and global trend reports detailing emerging threats and recommended countermeasures based on reported data from Threat Labs.
- Write case studies and produce country risk assessments.
- Create a “Field Guide for Threat Labs,” an online repository of useful resources (e.g. on phishing and malware analysis and incident response) to address the current lack of hands-on trainings for first responders — to include 2-4 practical learning modules on threat analysis and sharing, published online.
- Support Monitoring & Evaluation efforts for Threat Lab engagements with beneficiary Human Rights Organizations in their regions.
QUALIFICATIONS WE’RE LOOKING FOR
Required
- The successful candidate will be able to advise, support, and train partners on advanced threat research and analysis topics. Some partners are already quite advanced, some are mixed, and some are just starting; the Digital Security Threat Analyst will need to be ready to both learn from partners and identify opportunities for peer support among partners, while also training and/or introducing them to new topics.
- Expertise in digital security, threat analysis, forensics, and threat sharing
- Ability to conduct significant threat research, both indirectly leveraging VirusTotal and similar tools as well as direct reversing/investigation of files, logs, and web infrastructure
- Ability to rigorously document and present findings from threat analysis (Maltego, Dradis, etc.)
- Ability to apply and explain to others operational security approaches and workflows to follow when analyzing digital threats, such as the use of VPN/Tor, usage and hardening of analysis machines, when to use specific tools, etc.
- Familiarity with threat sharing solutions like MISP, and ability to build Indicators of Compromise (IOC) to share with others, both independently and in coordination with Threat Labs
- Basic knowledge of cybersecurity standards, frameworks, and other concepts usually employed beyond the Internet Freedom community, like MITRE, CISecurity, CVE tracking, Indicators of Compromise, YARA, threat hunting, etc.
- Understanding of or willingness to learn practical ways low-resource organizations can improve their security (e.g., configuring an office router to use a protected Domain Name System (DNS) service such as Google Public DNS or OpenDNS’s DNSCrypt — instead of an unprotected DNS service provided by a local Internet Service Provider)
- At least 5 years of cumulative work experience in security operations, training, and incident response
Preferred
Note: Candidates who do not have these preferred qualifications, but are interested and willing to learn, are encouraged to apply.
- Degree in computer science, computer engineering, information assurance, or similar
- Certifications like CISSP
How to apply
To apply, please submit CV and optionally a cover letter via our Careers page.