Senior Researcher - Pursuits (Dark Web & Threat Intelligence)

About The Team

The Pursuits team produces dark web and threat intelligence on prospects, the companies Cyble's sales and presales teams are trying to win. Early, validated intelligence shows a prospect what's exposed about it (access for sale, leaks, vulnerable assets) and demonstrates Cyble's offering in action. Our internal customers are sales and presales, and our work directly supports new-client growth.

We cover the dark web (access sales, leaks, malicious tools, marketplaces) and threats from ransomware groups, extortion crews, hacktivists, and APTs, plus cloud storage exposures and other vulnerabilities. Our work is both proactive and driven by collaboration with other teams.

About The Role:

You take on the hardest collection and the highest-stakes reporting, and you help run the function. You own the request queue, set the quality bar, and guide less experienced researchers. You also still do the work: run sources and threat-actor engagements, deanonymize actors, and write the advisories that reach prospects.

What You’ll Do at Cyble:

Collection & intelligence

• Monitor dark web forums, Telegram channels, and ransomware/extortion group sites daily for intelligence on prospects and notable events.
• Engage threat actors (TA engagement / HUMINT) to gather intel on private data leaks; target several successful engagements per week.
• Validate data leaks and TA claims to determine whether they're legitimate.
• Deanonymize threat actors: link aliases, accounts, and personas to real-world identities.

Analysis & reporting

• Produce advisories and flash alerts for significant leads, and contribute blogs and quarterly reports (for example, ransomware and regional dark web roundups).
• Map a prospect's real attack surface (subsidiaries, parent companies, subdomains, and vulnerable login portals) when scope isn't fully specified.
• Analyze raw breach datasets and corroborate findings before anything is published.

Team ownership & coordination

• Own the request queue: triage incoming requests, confirm scope, route them, and track deliverables against due dates.
• Review and quality-check the team's findings and reports before they reach stakeholders.
• Mentor junior researchers and raise the bar on tradecraft and writing.
• Run daily async standups and the weekly team review, and keep stakeholders informed.
• Coordinate with sales and relationship managers on what each account needs (report depth, scope, timelines).

What You’ll Need:

• 4+ years in threat intelligence, dark web research, OSINT, or intelligence operations, including senior or lead-level work.
• Deep hands-on familiarity with dark web forums, marketplaces, and Telegram-based trading of compromised data.
• Strong TA engagement / HUMINT experience, with sound operational security and source-handling discipline.
• Solid OSINT tradecraft: people and entity research, social media and search-operator (dork) techniques, and corroboration.
• Comfort with raw breach data: structure, validation, and victim mapping.
• A track record of impactful findings.
• Experience guiding or mentoring other researchers and owning a quality bar.
• Driven to keep learning and stay current on the latest research techniques and tools.
• Able to use AI tools effectively to speed up research, analysis, and writing.
• Strong communication, within the team, across other teams, and in writing. You can turn technical findings into clear, defensible analysis that makes both technical and executive stakeholders see the business impact.

Bonus Points If You Have:

• Familiarity with intelligence frameworks (MITRE ATT&CK, the intelligence cycle, analytic standards).
• Experience supporting a SaaS CTI platform or a sales/POV motion.
• Basic scripting (Python/regex) for parsing and cleaning leaked datasets.
• Reading knowledge of a second language common in cybercrime forums (for example, Russian).

How The Role Is Measured?

• Consistently deliver impactful findings each week (team baseline: 2 to 3 weekly; aim for about 80% high-impact).
• The team's output meets the quality bar: validated, well-scoped, defensible.
• Timely turnaround on requests.

If you like working in an inclusive environment, you want to advance your career quickly, and your opinion is valued, look no further than Cyble, Inc. We are young, hungry, and ready to impact the cyber security landscape!

Cyble, Inc. takes into consideration an individual’s skillset, experience and location in making final salary determination.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.

Interview Process

1. CV Shortlist by the Hiring Panel
2. Cognitive Assessment via a platform called Xobin - It’s a 50-minute assessment, which is a mandatory step in our recruitment process for all roles.
3. Panel Discussions - Typically comprising a minimum of three interview rounds, along with a role-based assignment.