Cyber Threat Intelligence & Eastern Europe Operations Lead

About the Company

Behemoth Security Pte. Ltd. is a Singapore-based cybersecurity consultancy specialising in threat intelligence, security advisory, and compliance services for international clients, with a primary focus on the European Union market. Our operations involve monitoring and analysing cyber threats originating from the Commonwealth of Independent States (CIS) and Eastern European regions, liaising with EU-based clients on regulatory compliance (NIS2 Directive, DORA, GDPR), and coordinating product development with our distributed engineering team across Eastern Europe. Behemoth Security leverages Agentic Engineering to the maximum extent to deliver outsize impact to its customers, and is credited with pioneering new cybersecurity methods leveraging AI.

The Role

We are seeking a Cyber Threat Intelligence & Operations Specialist to serve as the operational backbone of our CIS/Eastern European threat intelligence practice and day-to-day business operations. This role is critical to our ability to deliver actionable intelligence on Russian-speaking and Eastern European threat actors to our EU client base, and to coordinate our Ukrainian-based development team.

This is a specialist role requiring a rare combination of cyber threat intelligence capability, advanced Russian and Ukrainian language proficiency, cultural fluency in CIS/Eastern European threat environments, and client-ready English reporting. Selection will be based on demonstrated capability and evidence of specialist competency, not only formal academic credentials.

The successful candidate will operate at the intersection of cyber threat intelligence (CTI), client engagement, product coordination, and business operations - requiring a rare combination of native-level language capability, cultural fluency with CIS/Eastern European contexts, and cybersecurity domain knowledge.

Extensive, frontier AI leverages is expected and needed in this role, with the expectation that you'll be able to discover new Use Cases across our engagement lifecycle.

Key Responsibilities

Cyber Threat Intelligence & Investigations (approximately 55-60%)

- Monitor, collect, and analyse intelligence from Russian-language and Ukrainian-language sources, including underground forums, Telegram channels, dark web marketplaces, paste sites, threat actor communications, breach announcements, and other relevant open-source materials.

- Track and profile CIS-origin and Eastern European threat actors, APT groups, ransomware groups, access brokers, hacktivist groups, and cybercriminal ecosystems relevant to our EU client base.

- Conduct OSINT investigations in Russian, Ukrainian, and English across multiple platforms to identify threat activity, victimology, targeting patterns, infrastructure, indicators of compromise, and operational context.

- Translate, contextualise, and interpret cybercriminal slang, underground forum terminology, culturally specific references, and nuanced threat actor communications that automated translation tools cannot accurately capture.

- Produce finished intelligence reports, threat briefings, client advisories, investigation summaries, and indicators of compromise from Russian, Ukrainian, and English-language source materials.

- Support analysis of threat actor tactics, techniques, and procedures, including mapping observed behaviours to recognised cybersecurity frameworks where appropriate.

- Maintain structured research notes, source references, and intelligence records to support repeatable analysis, client reporting, and internal knowledge management.

- Monitor developments in the CIS and Eastern European cyber threat landscape, including changes in threat actor behaviour, forum migration, ransomware ecosystem activity, geopolitical drivers, and regional cybercrime trends.

Eastern Europe Product and Intelligence Platform Coordination (approximately 20%)

- Serve as a coordination point with our Ukrainian-based development team for threat intelligence platform requirements, product improvements, research workflows, and intelligence collection needs.

- Conduct regular technical coordination sessions, sprint discussions, and requirement clarification with Ukrainian-speaking engineering contributors.

- Translate client feedback, analyst requirements, and threat intelligence workflows into clear product specifications and development priorities.

- Support cross-timezone coordination between Singapore operations, EU client requirements, and Eastern European development resources.

- Validate that product features and internal tooling support the practical needs of cyber threat intelligence collection, analysis, reporting, and knowledge management.

Client Advisory and Intelligence Delivery Support (approximately 10-15%)

- Support client-facing engagements by preparing intelligence briefings, advisory materials, investigation summaries, and threat landscape updates for EU-based clients.

- Assist in explaining CIS and Eastern European cyber threat activity to non-specialist stakeholders in clear, practical, and business-relevant language.

- Support advisory work linked to EU cybersecurity and resilience requirements, including NIS2 Directive, DORA, GDPR, and related client governance needs.

- Maintain awareness of relevant cybersecurity regulatory developments affecting EU clients and support internal preparation of briefing materials where needed.

- Coordinate with internal stakeholders to ensure intelligence deliverables are accurate, timely, and aligned with client expectations.

Operations, Contract and Engagement Coordination (approximately 10%)

- Support day-to-day engagement coordination, including client communications, scheduling, delivery tracking, and operational follow-up.

- Assist with contract lifecycle administration for cybersecurity consultancy engagements, including preparation, review coordination, renewal tracking, and documentation management.

- Support invoicing, vendor coordination, resource planning, and operational reporting where these activities relate to cybersecurity service delivery.

- Maintain organised records for client engagements, deliverables, operational decisions, and project timelines.

- Help coordinate internal priorities across threat intelligence, advisory, operations, and product development workstreams.

Requirements

Mandatory:

- Advanced professional proficiency in Russian, including the ability to interpret cybercriminal slang, underground forum terminology, threat actor communications, and culturally specific references without reliance on machine translation.

- Advanced professional proficiency in Ukrainian, sufficient for daily technical coordination with Ukrainian-speaking engineering teams and interpretation of Ukrainian-language source material in the Eastern European cyber threat landscape.

- Professional fluency in English (spoken and written) - for client-facing reports, documentation, and international communication

- Minimum 3 years of professional experience, including at least 2 years in cyber threat intelligence, cybersecurity investigations, OSINT, security operations, intelligence analysis, or operational coordination supporting cybersecurity services. Diversity of experiences is appreciated and desire, with a mix of cyber and non-cyber experience sought in order to bounce between complex, multi-layered missions.

- Demonstrated understanding of the CIS and Eastern European cyber threat landscape, including familiarity with major threat actor groups, motivations, and tactics

- Experience working with geographically distributed teams across multiple time zones

- Strong organisational skills with experience in contract administration or project management

Preferred:

- Professional certifications in cybersecurity (e.g., CompTIA Security+, GIAC GCTI, OSCP, CEH) or equivalent demonstrated competency. We prefer real world experience and unique talent in the Russian-speaking cyber environment than certificates, but they're useful to understand your background.

- Familiarity with threat intelligence platforms (e.g., MISP, OpenCTI, Recorded Future, Mandiant Advantage), or ability to quickly learn.

- Experience with Agile/Scrum methodologies in product development contexts

- Knowledge of EU cybersecurity regulatory frameworks (NIS2, DORA, GDPR). If not provided, must be able to go through a quick internal training to get up to speed.

- Experience in the cybersecurity consulting or managed security services industry, or similar experience in IT or logistics to understand contract management.

What We Offer

- Senior specialist compensation commensurate with demonstrated cyber threat intelligence capability, regional language expertise, investigation experience, and client-facing reporting responsibilities.

- Opportunity to work in a high-impact role within a growing cybersecurity consultancy

- Exposure to the global cybersecurity landscape with a focus on emerging threats from the CIS/Eastern European region

- Professional development support including industry certifications

- Collaborative, multinational working environment

How to Apply

Interested candidates should submit their CV/resume along with a brief cover letter explaining their relevant experience in cyber threat intelligence, CIS/Eastern European operations, and language capabilities. Please indicate your proficiency level in Russian, Ukrainian, and English.

Behemoth Security Pte. Ltd. is committed to fair employment practices in accordance with the Tripartite Guidelines on Fair Employment Practices (TGFEP). All qualified applicants will receive consideration regardless of age, race, gender, religion, marital status, or disability.