Open Source Research Analyst

Job Overview

Support the delivery of cybersecurity open-source research and evaluation reporting services for a government customer. Identify, assess, and articulate cybersecurity risks from publicly available and commercially accessible information sources in a fast-paced, production-oriented environment. Deliver high-quality analytical reports on a regular cadence based on customer-directed taskings.

Responsibilities

• Conduct structured open-source and technical research on cybersecurity topics, software platforms, vendors, datasets, and IT infrastructure as directed by the customer.
• Identify outdated or vulnerable software versions, insufficient patch management practices, and exposed infrastructure components.
• Assess foreign infrastructure ownership, investment, or control risks associated with technology platforms and vendors.
• Evaluate third-party applications, cybersecurity tools, and vendor ecosystems for cyber risk indicators.
• Author Cybersecurity Open-source Research and Evaluation (CORE) reports summarizing research findings, risk analysis, and technical observations.
• Produce a minimum of twelve (12) analytical reports per month based on customer-directed taskings.
• Ensure reports include clear methodology summaries, vulnerability findings, relevant technical details, and supporting open-source references.
• Prepare additional reports as requested by the customer beyond the baseline monthly requirement.
• Receive and action tasking directions from the customer’s Technical Authority.
• Seek clarification on analytical requirements as needed to ensure reporting accuracy and relevance.
• Participate in coordination calls with program management and customer stakeholders.
• Maintain a personal repository of recurring research sources, tools, and methodologies to support efficient delivery.

Qualifications

• Eligible to obtain and maintain a Government of Canada security clearance.
• Canadian citizenship required.
• Must be legally authorized to work in Canada.
• English required; French considered an asset.
• Bachelor’s degree or higher in Cybersecurity, Computer Science, Information Technology, Intelligence Studies, or a related discipline; or equivalent combination of education and professional experience.
• Relevant professional certifications (e.g., OSCP, CEH, Security+, GCTI, GREM) are a strong asset.
• 5 to 10 years of experience in cybersecurity research, threat intelligence, OSINT analysis, or a related analytical discipline.
• Demonstrated track record of producing structured analytical reports under recurring deadlines.
• Experience identifying cybersecurity vulnerabilities, exposed infrastructure, or technology supply chain risks using open-source methodologies.
• Prior experience supporting government, defence, or national security customers is a strong asset.
• Familiarity with the Canadian cybersecurity landscape and Government of Canada IT security policies (e.g., CCCS, ITSG-33) is an asset.
• Proficiency with OSINT tools and platforms (e.g., Shodan, Maltego, VirusTotal, MISP, CVE/NVD databases, Censys).
• Understanding of web application frameworks, software supply chains, patch management practices, and infrastructure exposure concepts.
• Familiarity with common vulnerability scoring frameworks (CVSS) and cybersecurity risk assessment methodologies.
• Strong written communication skills; ability to write clear, technically accurate reports for both technical and non-technical audiences.