Threat Interlligence Analyst

At Dream, we redefine cyber defense vision by combining AI and human expertise to create products that protect nations and critical infrastructure. This is more than a job; it’s a Dream job. Dream is where we tackle real-world challenges, redefine AI and security, and make the digital world safer. Let’s build something extraordinary together.

Dream's AI cybersecurity platform applies a new, out-of-the-ordinary, multi-layered approach, covering endless and evolving security challenges across the entire infrastructure of the most critical and sensitive networks. Central to our Dream's proprietary Cyber Language Models are innovative technologies that provide contextual intelligence for the future of cybersecurity.

At Dream, our talented team, driven by passion, expertise, and innovative minds, inspires us daily. We are not just dreamers, we are dream-makers.

The Dream Job:

We are on an expedition to find you, someone who is passionate about turning research into reliable, production-grade capabilities. You’ll play a major role in building and shaping our next-gen CTI platform across attribution, pivoting, infrastructure prediction, EASM, and the STIX/OpenCTI knowledge base.

The Dream-Maker Responsibilities:

• Execute the CTI research roadmap across threat actor attribution, adversary infrastructure analysis, EASM insights, and STIX-based knowledge management.
• Conduct in-depth infrastructure and campaign analysis, including domain/IP relationships, hosting patterns and certificates.
• Identify, validate, and track Indicators of Compromise (IOCs) and emerging threats using passive sources and approved active campaigns.
• Normalize, enrich, deduplicate, and maintain intelligence in STIX 2.1, aligned with internal ontology and quality standards.
• Collaborate with the Engineering, MLOps, and Data teams to translate intelligence into actionable intelligence, alerts, and customer-facing outputs.
• Produce high-quality intelligence reports, threat briefs, watchlists, and early-warning assessments for internal teams and customers.
• Support investigations by providing contextual analysis, confidence scoring, and evidence-backed assessments.
• Ensure adherence to governance, ethics, sourcing, provenance, and data-quality standards across all intelligence outputs.
  
  

• 4+ years of experience in Cyber Threat Intelligence, SOC/IR intelligence support, or adversary infrastructure analysis.
• Strong understanding of DNS, IPs, ASNs, hosting/cloud providers, TLS/PKI, domain lifecycle, and phishing infrastructure.
• Hands-on experience with open-source and commercial CTI sources (OSINT, feeds, telemetry, reputation systems).
• Practical knowledge of STIX 2.1, MITRE ATT&CK, TAXII; experience with OpenCTI and is a strong advantage.
• Ability to perform passive discovery and controlled active validation, with a focus on accuracy, evidence discipline, and noise reduction.
• Experience using Python for analysis and enrichment (pandas, notebooks); familiarity with Neo4j or Elasticsearch is a plus.
• Strong analytical and threat-intelligence writing skills, able to translate technical findings into clear, actionable insights.
• Comfortable working in a collaborative, version-controlled environment (Git), with attention to documentation and reproducibility.
• Curious, methodical, and impact-driven mindset with a strong sense of intelligence rigor and accountability.