Dark Web Threat Analyst

Exploit Frontier

Remote (Global) | Full-time | Entry Level | Posted yesterday

About the Role

ExploitFrontier's Threat Intelligence Division is looking for a Dark Web Threat Analyst to join our remote research team. You'll work on real-world threat monitoring across the Indian subcontinent landscape — tracking APTs, ransomware operators, and hacktivists — with your findings published on our threat intelligence platform.

What You'll Do

  • Conduct focused dark web scans on assigned targets, forums, and keyword selectors.
  • Triage and enrich Indicators of Compromise (IoCs) for ingestion into our TI pipeline.
  • Develop and refine YARA/Sigma detection rules based on observed campaigns.
  • Prepare concise intelligence summaries and threat actor.
  • Update daily shift logs and respond to time-sensitive escalation requests.
  • Collaborate with researchers on ongoing investigations and handoffs.

What We're Looking For

  • Demonstrable OSINT/dark web research interest, with basic familiarity with YARA/Sigma rules and IoC handling (hashes, IPs, domains).
  • Working knowledge of the MITRE ATT&CK framework and threat actor naming conventions — even lab-level exposure to MISP or OpenCTI counts.
  • Strong written skills for concise reports, shift logs, and actionable intelligence summaries.
  • Available for ~6 hours/day and reachable for time-sensitive escalation requests.
  • Comfortable following strict legal/ethical operating procedures and OPSEC guidelines.
  • Willing to sign NDAs and abide by company security policies.

A Note on Compensation

This is an unpaid internship. What we offer instead is genuine — you'll work with production-grade TI tooling, contribute to published threat research, and build a portfolio that speaks louder than most paid internships on a resume. We take your growth seriously, even if we can't pay for it yet.

Skills

MISP, MITRE ATT&CK, OpenCTI, OSINT, Sigma, YARA
