
Remote Threat Intelligence Lead at Risk3Sixty LLC

Risk3Sixty LLC · United States of America · Remote

Job Type
Full-time
Description

About the Role

As our Threat Intelligence Lead, you will shape the strategic direction and operational excellence of our red-team, penetration-testing, and attack surface management intelligence programs. Beyond expertly translating raw data from stealer-log dumps, Telegram rings, Matrix chat servers, dark-web marketplaces, and open-source feeds into actionable insights, you will architect our collection and analysis methodologies, mentor analysts, and represent threat intelligence across our company and clients. You will ensure persistent coverage of underground communities, guide the transformation of technical findings into high-impact briefings, and drive automation and innovation across the team.



Responsibilities:

  • 40% - Strategic Intelligence Gathering – Oversee source acquisition, vetting, and operational security. Monitor high-value intelligence sources (marketplaces, forums, encrypted channels, deep/dark web communities) and ensure the ongoing relevance and reliability of our collection streams.
  • 20% - Program Design & Automation Oversight - Architect, review, and improve collection pipelines and data hygiene practices, leveraging Python, Go, OSINT toolsets, and custom APIs. Set standards for indicator enrichment, de-duplication, storage, and integration within our TIP platforms.
  • 20% - Software Engineering - Regularly contribute to the completion of milestones for our proprietary systems, both threat-intelligence-related and otherwise.
  • 10% - Intelligence Reporting & Briefings - Deliver and review timely, high-fidelity threat memos and in-depth attacker profiles for red-team operators, executives, and clients. Set and enforce standards for mapping TTPs to MITRE ATT&CK, and for distilling complex findings into concise, actionable narratives.
  • 10% - External Thought Leadership - Author technical blogs, whitepapers, conference abstracts, and thought-leadership content. Speak at industry events and support responsible public sharing of findings while rigorously protecting sources and methods.



Requirements
  • 5 years’ hands-on CTI, SOC, or IR experience, with demonstrable dark web/underground research abilities
  • Proficiency with Python (data parsing, API wrappers, automation scripts) and comfort deploying and maintaining TIP platforms (OpenCTI, MISP).
  • Fundamental understanding of secure software development lifecycles, working in an Agile environment, and web development
  • Deep understanding of attacker tooling (infostealers, loaders, RATs) and tradecraft; solid grasp of stealer-log ecosystems and credential marketplaces
  • Familiarity with MITRE ATT&CK, Diamond Model, and intelligence-reporting frameworks.
  • Clear, concise writing style—able to translate raw indicators into executive-ready narratives in 250 words or less.
  • Certifications (nice-to-have): OSTH, CTIA, GREM, OSINT-focused certifications


Physical Requirements

  • Prolonged periods sitting at a desk and working on a computer
  • Must be able to lift up to 10 pounds at times


Risk3sixty is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
