Dark Web Monitoring Jobs (NOW HIRING)

Senior Software Engineer

Austin, TX · On-site

$121.40K - $160.10K/yr

SpyCloud's data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the ...

Manage our User Security Platform (USP) tools to support the security posture of Mainstay and our Clients with tools to include vulnerability scanning, phishing testing, dark web monitoring, account ...

Tracking open-source intelligence (OSINT), analyzing network anomalies, and monitoring the deep/dark web for leaks, ransomware blogs, and hacking forums. * Adversary Profiling: Identifying the ...

This means we're designing scalable systems that monitor billions of domains, social media accounts, apps, dark web forums, etc., and leverage AI agents to identify and neutralize digital threats.

Software Engineer, Platform

New York, NY · On-site

$135K - $300K/yr

This means we're designing scalable systems that monitor billions of domains, social media accounts, apps, dark web forums, etc., and leverage AI agents to identify and neutralize digital threats.

Software Engineer, Detection

New York, NY · On-site

$150K - $350K/yr

This means we're designing scalable systems that monitor billions of domains, social media accounts, apps, dark web forums, etc., and leverage AI agents to identify and neutralize digital threats.

Dark Web Monitoring information

Salary details: $39K · $80.9K · $144K

How much do dark web monitoring jobs pay per year?

As of May 30, 2026, the average yearly pay for dark web monitoring in the United States is $80,851.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,000.00 and $94,500.00 per year, depending on experience, location, and employer.

What is a Dark Web Monitoring job?

A Dark Web Monitoring job involves tracking and analyzing illicit activities on the dark web to detect compromised data, cybersecurity threats, and criminal activities. Professionals in this role use specialized tools and techniques to monitor darknet forums, marketplaces, and encrypted networks for stolen credentials, financial data, and other sensitive information. They help organizations mitigate risks by identifying potential breaches and providing intelligence for proactive security measures. This role requires knowledge of cybersecurity, OSINT (Open Source Intelligence), and threat intelligence techniques.

What are the key skills and qualifications needed to thrive in the Dark Web Monitoring position, and why are they important?

To thrive in Dark Web Monitoring, you need strong analytical abilities, knowledge of cybersecurity, and experience with information security protocols, often backed by a degree in computer science or related certifications such as CEH or CISSP. Familiarity with darknet tools, threat intelligence platforms, Tor networks, and specialized monitoring software is commonly expected. Effective communication, critical thinking, and attention to detail are vital soft skills in this field. These competencies are crucial for identifying, interpreting, and reporting threats to protect organizations from cyber risks originating on the dark web.

What are some typical daily responsibilities for professionals working in dark web monitoring?

Dark web monitoring professionals typically spend their days scanning dark web forums, marketplaces, and chatrooms for information related to data breaches, compromised credentials, or emerging threats. Their tasks often include using specialized software tools to detect relevant activity, compiling detailed threat intelligence reports, and collaborating with cybersecurity and IT teams to assess and mitigate risks. Regular communication with law enforcement or regulatory bodies may also be part of the role, depending on the organization's needs. By staying vigilant, these professionals help organizations stay ahead of potential cyber threats in a fast-evolving digital landscape.
What are the most commonly searched types of Dark Web Monitoring jobs?

The most popular types of Dark Web Monitoring jobs are:

Infographic showing various Dark Web Monitoring job openings in the United States as of May 2026, with employment types broken down into 3% As Needed, 62% Full Time, 29% Part Time, and 6% Contract. Highlights a 100% Physical job distribution, with an average salary of $80,851 per year, or $38.9 per hour.

Director of Cyber Threat Intelligence (CTI)

AstraZeneca

Gaithersburg, MD • On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 28 days ago


AstraZeneca rating: 8.6 out of 10

Based on 43 frontline employees who took The Breakroom Quiz

16th of 70 rated pharmaceutical


Job description

About AstraZeneca
AstraZeneca is a global, science-led, patient-focused biopharmaceutical company dedicated to discovering, developing, and commercialising prescription medicines for serious disease. We're committed to being a Great Place to Work.
About the Role
The Director of Cyber Threat Intelligence will lead a highly technical CTI function within AstraZeneca's Cybersecurity Operations division, managing a team of analysts to deliver strategic, operational, and tactical intelligence that measurably reduces risk across the enterprise, including manufacturing, clinical trial platforms, and R&D environments. This role anchors CTI to "intel-to-action" outcomes, partnering closely with Vulnerability Management, Detection Engineering, and Incident Response to harden controls, prioritize patching, improve detections, and accelerate response.
Key Responsibilities
  • Program Leadership and Strategy: Define CTI vision, operating model, and roadmap aligned to AstraZeneca's cyber risk reduction strategy, with special emphasis on manufacturing continuity, clinical data integrity, and R&D IP protection.

  • Adversary Prioritization Framework: Design and operate a scoring rubric that ranks actors based on intent/capability/relevance, TTP emergence and prevalence, organization-specific exposure to known vulnerabilities/CVEs, and global "viral" events, maintaining dynamic watchlists and escalation triggers.

  • MTTI Metric and Analytics: Implement analytic methods to estimate mean time-to-impact per adversary (from initial access to material business impact) using internal telemetry, historical incidents, industry reporting, and confidence levels, performing comparisons with IR's MTTC to drive control improvements.

  • Attack Path Modeling: Build and maintain end-to-end attack path models from initial access to material impact across IT-to-OT pivots, clinical platforms, and R&D environments, mapping steps to MITRE ATT&CK (Enterprise/ICS), identifying control gaps and choke points, deriving detections-as-code and hunt hypotheses, and supporting validation efforts including purple-team exercises and adversary emulation to ensure enterprise hardening and measurable risk reduction.

  • Dark Web and Closed-Source Monitoring: Establish collection and monitoring across dark web forums, marketplaces, breach dumps, and closed channels to identify emerging TTPs, credential leaks, data exposure, access-broker listings, and targeting of manufacturing, clinical, or R&D assets, integrating validated findings into TIP/SIEM pipelines, triggering takedown requests where feasible, and delivering rapid advisories with confidence ratings and specific actions for Vulnerability Management, Detection Engineering, and IR.

  • Third-Party and Ecosystem Intelligence: Deliver risk insights for CROs/CMOs/logistics/technology vendors, monitor credential leakage and domain spoofing, and support/coordinate takedown operations when needed.

  • Structured Threat Actor Attribution (Diamond Model): Lead disciplined attribution using the Diamond Model (adversary, capability, infrastructure, victim) and complementary frameworks, correlating TTPs, tooling lineage, code-reuse, infrastructure overlaps, and victimology with confidence levels and analytic caveats, documenting hypotheses, alternative explanations, and disconfirming evidence, and producing reusable actor profiles and pivot paths that inform prioritization, detections, hunts, and incident response playbooks.

  • Support Vulnerability Management: Partner with Vulnerability Management to contextualize CVEs (exploitability, weaponization, external scanning telemetry, compensating controls) and deliver risk-based patching prioritization across AstraZeneca's estate including IT/OT, clinical platforms, and lab environments.

  • Support Detection Engineering: Develop detection use cases to feed our detection-as-code pipeline and support detection ATT&CK coverage mapping, content tuning, and false-positive reduction, ensuring feedback loops from hunts and incidents continuously improve detection quality.

  • Support GSOC/Incident Response: Provide real-time adversary context that is highly technical including kill-chain reconstruction, containment recommendations, and countermeasures, producing post-incident intelligence retrospectives and detection/architecture improvements.

  • Operational and Executive Reporting: Produce daily threat intelligence highlights, threat actor/campaign profiles, quarterly threat briefings, and other ad hoc intelligence products, ensuring products include quantified risk narratives for senior leadership that also align findings to regulatory expectations and business impact.

  • Tooling and Automation: Optimize integrations across TIP, SIEM, EDR, case management, and telemetry; manage indicator lifecycle, automate enrichment, and measure source fidelity/bias.

  • External Engagement: Lead participation with sector bodies (e.g., H-ISAC), peer sharing groups, and government/industry partners; track and assess global events and rapidly translate into actionable enterprise guidance.

  • Team Leadership and Development: Recruit, mentor, and grow a diverse team of CTI analysts; build career paths, training plans, and knowledge-sharing practices; foster a culture of technical excellence and clear, actionable communication.

Minimum Qualifications
  • Leadership and Strategic Impact: 10+ years in cyber threat intelligence, detection engineering, incident response, or related domains; 5+ years leading technical CTI teams in global enterprises. Demonstrated ability to set vision, influence strategy, and deliver outcomes tied to enterprise risk reduction.

  • Decision Making and Accountability: Proven ownership of adversary-centric CTI programs that directly drive vulnerability prioritization, detections-as-code, hunts, and incident response. Comfortable making data-driven decisions with clear trade-offs and confidence levels.

  • Technical Depth (ATT&CK Enterprise/ICS): Deep expertise mapping TTPs to MITRE ATT&CK, defining coverage strategies, and translating gaps into high-fidelity detections and hunt hypotheses; skilled in industrial/OT contexts.

  • Attack Path Modeling and Risk Translation: Hands-on delivery of end-to-end attack paths across IT-to-OT pivots, clinical platforms, and R&D environments; validation via purple-team/adversary emulation; ability to convert findings into prioritized control roadmaps and measurable risk reduction.

  • Adversary Prioritization and Scoring: Designed and operated tailored actor scoring incorporating intent/capability, TTP emergence/prevalence, org exposure to CVEs, and global/viral events; maintained dynamic watchlists and escalation triggers.

  • Structured Attribution Tradecraft: Applied the Diamond Model and complementary frameworks with documented hypotheses, caveats, disconfirming evidence, and confidence statements; produced reusable actor profiles and pivot paths.

  • Metrication (MTTI vs. MTTC): Built mean time-to-impact metrics per actor and operationalized comparisons to IR's mean time-to-containment to guide control improvements and track program effectiveness.

  • Vulnerability Intelligence for Hardening: Delivered contextual CVE analysis (exploitability, weaponization, external scanning telemetry, compensating controls) and risk-based patch recommendations across IT, OT/ICS, clinical, and lab environments.

  • Detection Engineering Collaboration: Co-developed detections-as-code (e.g., Sigma, KQL, SPL), tuned content to reduce false positives, and closed ATT&CK coverage gaps with feedback loops from hunts/incidents.

  • Incident Intelligence Support: Provided real-time adversary context, kill-chain reconstruction, containment recommendations, and post-incident retrospectives that inform detection and architectural improvements.

  • Collection, Tooling, and Automation: Operated dark web/closed-source monitoring; integrated findings into TIP/SIEM/EDR pipelines; managed indicator lifecycle, automated enrichment, and measured source fidelity/bias.

  • Stakeholder Partnership and Communication: Clear, concise communication of complex technical intelligence to executives and cross-functional partners (Vulnerability Management, Detection Engineering, SOC/IR, OT Security, Clinical Ops, Research IT); ability to influence without authority.

  • Education: Bachelor's degree in a relevant field (Computer Science, Information Security, Intelligence Studies, or equivalent experience).

Preferred Qualifications
  • Sector Experience and Regulatory Context: Experience in pharmaceuticals, life sciences, healthcare, or manufacturing; familiarity with GMP/CSV, clinical data obligations, and R&D IP protection.

  • OT/ICS and Critical Operations: Hands-on work with MES, SCADA, PLC ecosystems; ATT&CK for ICS usage; understanding of OT-safe response practices and production continuity implications.

  • Clinical/R&D Platforms: Exposure to CTMS, EDC, IRT, ELN, LIMS, HPC, and data lake environments; experience safeguarding data integrity and sensitive research/IP.

  • Program Metrics and Outcomes: Built dashboards tracking MTTI by actor, ATT&CK coverage indices, intel-informed patch SLAs, hunter ROI, and executive risk narratives; experience presenting to senior leadership and risk committees.

  • Advanced Tooling/Automation: TIP administration, SIEM/EDR content engineering, enrichment/orchestration pipelines, case management integration, and indicator lifecycle automation at enterprise scale.

  • Threat Modeling and Quantification: Ability to translate attack paths into quantified risk scenarios and prioritized control investments aligned to business objectives and crown jewels.

  • External Partnerships: Active engagement with H-ISAC/ISAOs and government/industry partners; track record of rapidly converting global/viral cyber events into enterprise defenses and executive guidance.

  • Certifications: One or more of GCTI, GREM, GRID, GCIH, CISSP, or equivalent demonstrated expertise.

  • People Leadership: Built diverse, high-performing teams; established career paths, coaching frameworks, and a culture of analytic rigor, technical excellence, and continuous improvement.

All roles in IT are expected to demonstrate a mindset of embracing, adopting and appropriately using AI and digital tools in day-to-day work to improve outcomes and ways of working.
Location
  • Gaithersburg, Maryland.

Office Working Requirements
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
The annual base pay for this position ranges from $162.536,00 - $243.804,00 USD. Our positions offer eligibility for various incentives: an opportunity to receive short-term incentive bonuses, equity-based awards for salaried roles and commissions for sales roles. Benefits offered include qualified retirement programs, paid time off (i.e., vacation, holiday, and leaves), as well as health, dental, and vision coverage in accordance with the terms of the applicable plans.
Date Posted
20-may-2026
Closing Date
04-jun-2026
Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees. In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.
