Threat Intelligence Researcher- CTI

At Dream, we redefine cyber defense vision by combining AI and human expertise to create products that protect nations and critical infrastructure. This is more than a job; it’s a Dream job. Dream is where we tackle real-world challenges, redefine AI and security, and make the digital world safer. Let’s build something extraordinary together. 

Dream's AI cybersecurity platform applies a new, out-of-the-ordinary, multi-layered approach, covering endless and evolving security challenges across the entire infrastructure of the most critical and sensitive networks. Central to our Dream's proprietary Cyber Language Models are innovative technologies that provide contextual intelligence for the future of cybersecurity.  

At Dream, our talented team, driven by passion, expertise, and innovative minds, inspires us daily.  We are not just dreamers, we are dream-makers. 

We are on an expedition to find you, someone who is passionate about turning research into reliable, production-grade capabilities. You’ll play a major role in building and shaping our next-gen CTI platform across attribution, pivoting, infrastructure prediction, EASM, and the STIX/OpenCTI knowledge base.

• Execute the CTI research roadmap across attribution, infra prediction, EASM, and the STIX knowledge base. 
• Design and implement graph-pivoting, attribution heuristics, and temporal/link models (sequence/survival/Hawkes-style). 
• Build high-signal EASM detectors: passive discovery and safe active probing per ROE; capture reproducible evidence. 
• Normalize, enrich, and deduplicate intel into STIX 2.1 aligned to our ontology; maintain/enhance TAXII/OpenCTI/MISP connectors. 
• Ship detectors/models and enrichment services with AI/Platform teams; contribute tests, docs, and runbooks. 
• Curate datasets, define ground truth, and evaluate KPIs (coverage, lead-time, precision/recall, FPR); iterate to improve signal-to-noise. 
• Produce watchlists, concise briefs, and early-warning hypotheses for stakeholders and priority investigations. 
• Uphold governance, ethics, provenance, and data-quality standards. 

• 4-7+ years in CTI/EASM/offensive research or adversary-infra analysis. 
• DNS, BGP/ASNs, TLS/PKI & CT logs, hosting/CDN/cloud patterns, domain lifecycle, phishing ecosystems. 
• Communities/embeddings/clustering; temporal/link modeling and practical evaluation. 
• Passive discovery and safe active probing; evidence discipline and noise reduction. 
• STIX 2.1, ATT&CK, TAXII; advantage for OpenCTI/MISP; ontology alignment and validation. 
• Python (pandas, notebooks, scikit-learn, networkx/igraph); Neo4j/Elasticsearch; Kafka/SQS/Redis; Docker/Kubernetes. 
• Prompting/tool-use for extraction/normalization; agentic patterns with guardrails and sanity checks. 
• Analytical writing; collaborative, version-controlled workflow (Git); documentation rigor. 

If you think this role doesn’t fully match your skills but are eager to grow and break glass ceilings, we’d love to hear from you!