As a Cyber Intelligence Analyst within the Collection Team at Rapid7, you will be responsible for identifying, obtaining, and ingesting high-value compromised data from dark web sources, while evaluating forums, black markets, and other cybercrime ecosystems to determine their intelligence value and alignment with Rapid7’s strategic goals. You will play a critical role in ensuring our intelligence feeds are robust, relevant, and actionable.This is an exciting opportunity to join our team in a culture that supports trying new approaches and continuous learning.  

About the Team

Rapid7 Labs is the research and innovation arm of Rapid7, we focus on advancing security knowledge and providing data driven insights to the cybersecurity community helping both customers and the wider security community understand and defend against evolving cyber threats. The Collections Team is a newly created team that sits within Rapid7 Labs and is responsible for collecting and disseminating valuable intelligence which is used to support and enrich Rapid7’s products and services.
 

About the Role

As a Cyber Intelligence Analyst, your primary responsibility will be to deliver reliable analysis, maintain consistent performance, and contribute effectively to the team’s objectives. Specifically, your focus will be to: 

• Identify, access, and collect high-value compromised data and other threat intelligence from deep and dark web sources.

• Evaluate cybercrime forums, marketplaces, and other illicit platforms to determine their potential as ongoing collection targets.

• Monitor, track, and document emerging threat groups, leak sites, and data breach trends.

• Ingest and catalog collected datasets into internal systems for analysis and customer reporting.

• Collaborate with internal intelligence, engineering, and operations teams to refine collection priorities and ensure alignment with strategic goals.

• Maintain awareness of changes in dark web access methods, operational security, and source reliability.

• Support the creation of standard operating procedures for data acquisition and ingestion processes.

The skills and qualities you’ll bring include: 

• 2+ years of experience in cyber threat intelligence or a related role with familiarity in dark web ecosystems and OSINT tools.

• 2+ years of experience in the cybersecurity industry or equivalent knowledge of cybersecurity fundamentals and concepts gained through formal education.

• Knowledge of compromised data formats, breach data structures, and underground marketplace dynamics.

• Ability to work with Linux environments, including the use of command-line tools for processing and analysis of large datasets.

• Proficiency in handling structured and unstructured data formats, interpreting tabular data, and managing various file types.

• Experience executing scripts in Python or Bash, with a basic understanding of programming concepts as a plus.

• Demonstrated critical thinking with the ability to evaluate the relevance and value of new sources

• Adaptable with the ability to work through change and with ambiguity

• Takes responsibility for driving outcomes and meeting commitments that deliver value for the business and our customers

• Excellent written communication skills in English; additional language proficiency (especially Russian) is a plus.

• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. 

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
 

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. 

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us. 

#LI-MV1