About The Organization
Cloudforce One is Cloudflare’s threat operations and research organization, responsible for identifying and disrupting cyber threats ranging from sophisticated cybercriminal activity to nation-state sponsored advanced persistent threats (APTs). Cloudforce One works in close partnership with external organizations and internal Cloudflare teams, continuously developing operational tradecraft and expanding ever-growing sources of threat intelligence to enable expedited threat hunting and remediation. Members of Cloudforce One are at the helm of leveraging an incredibly vast and varied set of data points that only one of the world’s largest global networks can provide. The organization is able to analyze these unique data points, at massive scale and efficiency, synthesizing findings into actionable threat intelligence to better protect our customers.
About The Role
Cloudflare is a global system on a mission to make the internet better, safer, and more powerful every day. To help fulfill this mission, we are seeking a Threat Event Analyst to join us in growing our Cloudforce One Organization, where you will be instrumental in building a proactive and threat intelligence-driven approach to protecting Cloudflare and its customers from sophisticated global threat actors. This position is ideal for someone with a self-starter mentality, an investigative approach, and a passion for cybersecurity who thrives in a fast-paced environment where critical thinking and problem-solving are essential.
As a Threat Event Analyst, you will monitor cyber threat activity, trends, and methodologies across multiple platforms, supporting both client intelligence needs and proactive internal research. You will be a key contributor in tracking and characterizing adversary Tactics, Techniques, and Procedures (TTPs) across the cyber kill chain to protect our global customer base from ongoing and ever-evolving cyber threats. In this role, you will monitor and classify threat events, leveraging Cloudflare’s unique data sources and telemetry to map adversary activity to the MITRE ATT&CK framework and enable actionable threat intelligence sharing with both internal and external stakeholders.
Success in this role requires strong analytical skills, the ability to identify patterns and anomalies in large datasets, and a solid understanding of threat intelligence frameworks, network security, and adversary TTPs. You will be responsible for conducting independent technical investigations, escalating complex findings to various Cloudforce One teams, and collaborating with threat researchers, intelligence analysts, and engineers to improve threat detection, tracking, and classification.
Examples of Desirable Skills, Knowledge, and Experience
- At least 2 years of direct experience in cybersecurity operations, threat analysis, or a related role (e.g., SOC, threat hunting, intelligence analysis) with a Bachelor’s degree (or 5+ years direct experience without a degree)
- Hands-on experience tracking, analyzing, and defending against cyber campaigns using Indicators of Compromise (IOCs)
- Proficiency in network and/or host-based intrusion analysis to identify and respond to threats
- Experience in one or more of the following areas: packet analysis, metadata analysis, or log correlation for threat detection
- Familiarity with threat intelligence frameworks such as MITRE ATT&CK, Diamond Model, and the Cyber Kill Chain
- Experience working with security telemetry, logs, or threat intelligence platforms to support investigations and decision-making
- Ability to conduct in-depth analysis by correlating data from multiple sources to assess visibility into threat actor activity
- Experience in developing new detection methodologies, creating playbooks, and leveraging automation to enhance threat visibility
- Strong communication skills to effectively document challenges in event tracking and classification, supporting continuous improvement efforts
- Exceptional analytical and critical thinking skills with a keen attention to detail
- Proven ability to collaborate and work effectively in a globally distributed team environment
Bonus Points
- Familiarity with specific threat actor groups, their operations and TTPs
- Certifications such as Security+, CEH, GIAC GCTI, GCIA, GCIH or similar cybersecurity credentials
- Experience with OSINT research and intelligence collection methodologies
- Prior work in a role requiring operational security (OPSEC) awareness and secure handling of sensitive information
- Working knowledge of SQL and devising SQL queries
At Cloudflare, you'll be at the forefront of global cybersecurity—tracking advanced threats and helping to secure the internet at scale. If you're passionate about threat intelligence, working with cutting-edge data, and making a real impact, we’d love to hear from you!