Skip to content

Threat Intelligence Researcher

Home Work with us Threat Intelligence Researcher

San Sebastián, Spain. 

While 100% remote working will be considered, our preference is to be able to be 50% of time in our office together with and interacting with our team 

 

Your Opportunity

Are you passionate about cybersecurity and threat intelligence? Do you want to work on the frontlines of detecting and analyzing the latest cyber threats? Do you have experience in presenting and discussing analysis and solutions to international customers?

CounterCraft is looking for a motivated and talented Threat Intelligence Researcher to join our intel team!

 

What You’ll Do

  • Analyze the latest threats, from opportunistic attacks to advanced adversaries.
  • Investigate security incidents and malware.
  • Build and improve security detections, automations, and alerts.
  • Review current and new data sources to gain insights and improve threat detection.
  • Collaborate with a proactive team across Operations, Product, Development and Pre-Sales,  where your ideas and input will truly shape the direction of the intel unit while remaining true to customer needs
  • Engage with customers clients to translate threat intelligence into operational value and impact.

 

What We’re Looking For

  • A collaborative mindset: you thrive in a team that values curiosity, humility, and shared success.
  • Strong knowledge of the cyber threat intelligence landscape. 
  • Ability to research, track, and profile threat actors, including their tactics, techniques, and procedures (TTPs).
  • Ability to dissect and understand malicious code to identify its capabilities, command-and-control (C2) infrastructure, indicators of compromise (IOCs)  and responding to security incidents.
  • Ability to write detection rules in different formats (YARA signatures, KQL, etc.)
  • Hands-on experience building security detections and automations.
  • Proficiency in scripting languages like Python or PowerShell to automate the creation of deceptive environments, log analysis, and data correlation in cloud platforms (e.g. AWS, Azure, GCP) and container technologies (e.g. Docker, Kubernetes)
  • Network Forensics: a deep understanding of network protocols, traffic analysis, and packet capture (PCAP) analysis.
  • Excellent communication and reporting writing skills like translating complex technical findings into clear, concise, and actionable intelligence reports for various audiences – you love sharing knowledge and collaborating both internally with other departments as well as with customers. Able to tailor outputs in recognition of the audience (e.g. technical profile, analyst, CISO, etc.)
  • Comfortable presenting findings and recommendations in customer-facing settings, both written and verbal.
  • Knowledge of attack frameworks: a solid understanding of frameworks like the MITRE ATT&CK framework, to map the attacker TTPs to specific phases of the attack lifecycle and based on that redesign effective deception strategies.
  • A proactive mindset, not afraid to automate tasks or find the right tools.
  • Critical thinking: a sharp & investigative mindset to connect disparate pieces of information and uncover hidden adversary activities.

 

What We Offer

  • Join one of the leading companies in Deception and threat Intelligence, with recognition at both national and international levels. Work from our Miramon tech hub in San Sebastián with a Hybrid model of remote working between office and home. Work-life balance with flexibility options.
  • Off-site, team-building and all hands events several times a year.
  • A tailored career path, with real opportunities to grow in your professional life.
  • Exposure to cutting-edge AI and cybersecurity projects.
  • A collaborative environment that values respect, growth, and equal opportunities.

 

About CounterCraft

CounterCraft is a rapidly growing startup disrupting cybersecurity with the leading threat deception platform for large enterprises. Join a dedicated team of cybersecurity specialists in San Sebastián, with offices also in the USA and UK.

We deliver real-time threat intelligence powered by deception technology to clients worldwide.

Be part of something bigger: grow your career in cybersecurity with an award-winning company  as a Globee Awards Silver Winner – Cybersecurity, Top 10 AI Startups Revolutionizing 2025 by Analytics Insight and Cybersecurity Company of the Year by Global Business Tech Awards all in 2025, surrounded by brilliant engineers in one of Europe’s most inspiring cities — San Sebastián.

Ready to make an impact in cybersecurity? Apply now and join a team where your work shapes the future of threat intelligence!

If you are interested send an email to [email protected] with your CV attached.