C3i Hub
Website: c3ihub.org
Job details:
Job Description
We are seeking a highly skilled Cybersecurity Research Engineer – Honeypot with strong expertise in honeypot deployment, threat research, and APT attribution. The role involves designing deception-based security systems, conducting deep adversary analysis, and supporting threat intelligence and incident response efforts.
Key Responsibilities
- Design, deploy, and manage low-, medium-, and high-interaction honeypots across IT, cloud, and OT environments
- Develop custom honeypots and decoys for specific threat actor profiling and campaign tracking
- Monitor, analyze, and triage honeypot-generated telemetry (network, system, malware artifacts)
- Perform APT attribution using TTP analysis mapped to the MITRE ATT&CK framework
- Correlate honeypot intelligence with threat intelligence feeds, OSINT, malware reports, and darknet sources
- Support incident response and threat hunting teams with actionable intelligence
- Produce research-grade reports including attack timelines, infrastructure analysis, and attribution confidence levels
- Continuously research emerging APT campaigns, zero-day exploitation trends, and deception techniques
Required Skills & Experience
Technical Skills
- Hands-on experience with honeypot frameworks (e.g., Cowrie, Dionaea, Honeytrap, Conpot, OpenCanary, T-Pot)
- Strong understanding of APT TTPs, kill chain analysis, and adversary tradecraft
- Proficiency in Linux system administration and networking (TCP/IP, DNS, HTTP, SMB, SSH)
- Scripting skills in Python / Bash for automation and data analysis
- Knowledge of MITRE ATT&CK, Diamond Model, Cyber Kill Chain
Research & Attribution Skills
- Ability to link infrastructure, malware families, and behaviors to known or emerging APT groups
- Experience in false-flag detection and attribution confidence scoring
- Strong understanding of C2 infrastructure, payload delivery mechanisms, and lateral movement techniques
Preferred / Good-to-Have
- Experience with OT/ICS honeypots (Modbus, DNP3, IEC 104, BACnet)
- Exposure to cloud-based deception technologies
- Familiarity with memory forensics and sandboxing tools
- Prior experience working in SOC, CERT, cyber range, or national-level cybersecurity programs
- Published research, blogs, or conference talks on threat research or deception technologies
Educational Background
- B.Tech / M.Tech / MSc in Computer Science, Cybersecurity, or related field