Job Description
About The Team The Pursuits team produces dark web and threat intelligence on prospects, the companies Cyble's sales and presales teams are trying to win. Early, validated intelligence shows a prospect what's exposed about it (access for sale, leaks, vulnerable assets) and demonstrates Cyble's offering in action. Our internal customers are sales and presales, and our work directly supports new-client growth. We cover the dark web (access sales, leaks, malicious tools, marketplaces) and threats from ransomware groups, extortion crews, hacktivists, and APTs, plus cloud storage exposures and other vulnerabilities. Our work is both proactive and driven by collaboration with other teams. About The Role: You take on the hardest collection and the highest-stakes reporting, and you help run the function. You own the request queue, set the quality bar, and guide less experienced researchers. You also still do the work: run sources and threat-actor engagements, deanonymize actors, and write the advisories that reach prospects. What You’ll Do at Cyble: Collection & intelligence Monitor dark web forums, Telegram channels, and ransomware/extortion group sites daily for intelligence on prospects and notable events. Engage threat actors (TA engagement / HUMINT) to gather intel on private data leaks; target several successful engagements per week. Validate data leaks and TA claims to determine whether they're legitimate. Deanonymize threat actors: link aliases, accounts, and personas to real-world identities. Analysis & reporting Produce advisories and flash alerts for significant leads, and contribute blogs and quarterly reports (for example, ransomware and regional dark web roundups). Map a prospect's real attack surface (subsidiaries, parent companies, subdomains, and vulnerable login portals) when scope isn't fully specified. Analyze raw breach datasets and corroborate findings before anything is published. Team ownership & coordination Own the request queue: triage incoming re