Sr. Intelligence Analyst - DPRK Mission (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

CrowdStrike Intelligence seeks a Senior Intelligence Analyst for its Global Threat Analysis Cell (GTAC) to track and analyze targeted intrusion activity associated with Democratic People's Republic of Korea (DPRK)-nexus adversaries. The Analyst will monitor DPRK-nexus cyber operations, identify emerging trends and threats, investigate suspected North Korean adversary activity, and produce strategic and tactical intelligence assessments and products that directly inform CrowdStrike customers.

What You'll Do:

• Track adversary campaigns, tactics, techniques, and procedures (TTPs) through analysis of CrowdStrike's unique telemetry, open-source data sets, and third-party intelligence

• Author high-quality short and long format written reports independently that apply analytic tradecraft, including appropriate use of estimative language, confidence levels, and structured analytic techniques

• Generate reporting from a range of sources with minimal factual or accuracy errors and strong style, in line with CrowdStrike Intelligence standards

• Actively engage with inter-team discussions, including participation and leadership of groups in which you are the subject matter expert

• Identify intelligence gaps and propose research projects to address collection shortfalls, proactively seeking opportunities to collaborate on products with other teams

• Regularly conduct peer review of reporting by team members to maintain CrowdStrike Intelligence's analytic standards for accuracy, clarity, and objectivity

• Lead and participate in analytic discussions, respecting and incorporating input from others into investigations

• Prioritize, categorize, and respond to requests for information from internal and external customers, serving as a responsive go-to person on specific topics

• Identify and contribute to customer engagements and requests as directed for internal teams and external customers, actively contributing to resolving crisis situations

• Conduct briefings independently for a variety of customer levels via phone, video conference, webcast, in-person, or industry conferences

• Identify opportunities for automation and process improvements, contributing to the development of automation tools within existing frameworks

• Leverage cross-team contacts and inter-organizational partnerships to communicate and coordinate analytical priorities

• Track DPRK-nexus financial operations, including cryptocurrency theft, money laundering tradecraft, and blockchain-based sanctions evasion activity, and assess implications for adversary capability development and operational tempo

• Develop and maintain technical infrastructure tracking for DPRK-nexus adversaries, including use of tools such as Censys, VirusTotal, DomainTools, and Netflow to identify, pivot on, and document adversary infrastructure

• Contribute to team knowledge transfer through peer review, mentorship of junior analysts, and documentation of analytical methodologies and research findings in shared knowledge stores

• Support production planning discussions and contribute to prioritization of analytical workstreams and mission coverage

What You'll Need:

Required:

• Self-motivated professional with 3+ years' experience in a threat intelligence environment, with demonstrated expertise in DPRK cyber operations

• Advanced knowledge of threat intelligence research/collection tools and analytical tradecraft methods

• Demonstrated ability to identify, organize, catalog, and track adversary tradecraft trends — often with incomplete data

• Proven ability to produce a consistent stream of high-quality finished intelligence products on short deadlines independently, as well as maintaining analysis for long-term strategic assessments

• Strong understanding of technical concepts related to cyber threat research and ability to effectively communicate those concepts in written reporting

• Ability to conduct technical analysis of the tools and tradecraft employed by threat actors, as well as to enumerate and monitor threat actors' infrastructure

• Demonstrated proficiency with infrastructure tracking tools (e.g., Censys, VirusTotal, DomainTools, Netflow, or equivalent) and ability to document methodology, pivot logic, and findings in a format that enables team-level knowledge transfer

• Demonstrated experience effectively coordinating research projects and written products among various sets of subject matter experts and technical specialists

• Strong understanding and application of adversary attribution concepts and ability to present attribution points in complex cases and work with other SMEs to gain consensus

• Excellent knowledge of geopolitical issues specific to the DPRK (including North Korean strategic objectives, Korean Peninsula security dynamics, regional politics, and the DPRK's use of cyber operations for revenue generation and sanctions evasion) and ability to use that information to support understanding of current and future impacts on the cyber threat landscape

• Conducts self-driven research and reading, with excellent awareness of the state of the field and knowledge of the CrowdStrike Intelligence ecosystem as it relates to the DPRK mission

• Understanding of multiple sources that inform analysis and awareness of priorities within the mission area

• Acts as a role model for analytical objectivity and independently resolves analytical disagreements

• Ability to act as a steady and reliable point of contact in times of high stress

Preferred:

• Familiarity with cryptocurrency tracking platforms (e.g., Chainalysis, TRM Labs, or equivalent) or demonstrable ability to rapidly develop proficiency; understanding of blockchain-based money laundering and sanctions evasion techniques as they relate to state-sponsored cyber operations

• Experience functioning as a team lead, senior contributor, or de facto subject matter expert within an intelligence production team; demonstrated ability to model analytical and technical methodology for less experienced analysts

• Track record of proactive initiative in identifying and filling intelligence gaps, coordinating cross-team products, and driving analytical work to completion with limited direction

• Education: Undergraduate degree, military training or relevant experience in cyber intelligence, computer science, general intelligence studies, security studies, political science, international relations, etc.

#LI-Remote

#LI-AO1

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at [email protected] for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

For detailed information about the U.S. benefits package, please click here.