Join our client's Cyber Threat Intelligence team in Abu Dhabi as a Senior Dark Web Researcher. You will focus on identifying and tracking cybercrime activity across dark web and underground ecosystems, and turning that into clear, actionable intelligence for security and business stakeholders.
Job Description
Senior Dark Web Researcher | Cyber Threat Intelligence | Abu Dhabi Relocation
We’re hiring a Senior Dark Web Researcher to join our client's Cyber Threat Intelligence team in Abu Dhabi. This is a relocation role with a competitive tax-free package, visa sponsorship and relocation support. You’ll focus on identifying and tracking cybercrime activity across dark web and underground ecosystems, and turning that into clear, actionable intelligence for security and business stakeholders.
What you’ll do
- Monitor dark web forums, marketplaces and closed communities (Tor, I2P, invite-only forums, Telegram/Discord, etc.) for data leaks, credential dumps, access sales, malware and ransomware activity.
- Build and maintain personas and long-term access to high-value underground communities using strong OPSEC and tradecraft.
- Help run Threat Intelligence Platforms (TIPs), define STIX/TAXII-based models, and build tagging, scoring and enrichment so underground data is structured and searchable.
- Integrate dark web intelligence into SIEM, SOAR, EDR and ASM via APIs, feeds and dashboards to support detection, response and risk management.
- Correlate underground activity with IOCs, vulnerabilities, malware campaigns and MITRE ATT&CK, and produce concise reports and alerts.
- Contribute to playbooks and SOPs for dark web investigations and support/mentor junior researchers on tradecraft and tooling.
What you’ll bring
- 7–10 years in dark web / underground / cybercrime research or cyber threat intelligence.
- Hands-on experience with Tor, I2P, closed forums, invite-only markets and chat platforms (Telegram, Discord, etc.) and a proven record of persona building and long-term access.
- Strong OPSEC discipline (VMs, VPNs, compartmentalisation, secure tooling).
- Practical experience with TIPs (e.g. MISP, OpenCTI, Anomali, Group-IB, Recorded Future) and good understanding of STIX 2.x / TAXII.
- Comfortable working with APIs, JSON and basic scripting (Python preferred), plus experience normalising, tagging, scoring and enriching data.
- Solid knowledge of IOCs, TTPs, malware, vulnerabilities, ransomware and MITRE ATT&CK.
- Strong analytical and communication skills; able to produce clear reports and briefings for both technical and non-technical audiences.
- Bachelor’s degree in Cyber Security, Computer Science, Intelligence Studies, Digital Forensics or related field (or equivalent experience).
Nice to have: CTI / cyber certifications (e.g. GCTI, CTIA, GCIA, GREM, CISSP), extra languages (e.g. Russian, Arabic, Spanish), and experience working with SOC/IR, law enforcement, financial crime or fraud teams.