Intelligence Analyst II, Buyer Threat Intelligence Unit

Description

The Buyer Fraud Intelligence Unit (BFIU) within PRISM SWAT is seeking a Threat Intelligence Analyst to lead a net-new intelligence function within Buyer Risk Prevention (BRP). This role is responsible for proactively identifying, analyzing, and disrupting emerging buyer-related threats to Amazon through systematic intelligence gathering across dark web marketplaces, encrypted channels, and fraud-as-a-service platforms. You will establish investigation methodology, tradecraft standards, and tooling workflows while also delivering actionable intelligence that feeds directly into detection rules, ML model retraining, and Legal referrals.

This position is open to both internal and external candidates. Internal candidates with strong fraud investigation foundations and a willingness to develop specialized tradecraft are encouraged to apply.

Key job responsibilities

* Dark Web & Deep Web Intelligence Collection:
Monitor and analyze dark web marketplaces, carding forums, private Telegram channels, Discord servers, and paste sites for Amazon-specific exploitation techniques and emerging fraud modus operandi.

* Threat Actor Profiling:
Identify, profile, and track threat actors, fraud-as-a-service providers, and organized fraud rings targeting Amazon's buyer ecosystem.

* Fraud MO Investigation & Reporting:
Produce ≥1 comprehensive fraud modus operandi investigation report per month for Legal, including threat actor attribution, technical indicators, and estimated business impact.

* Tradecraft & Methodology Leadership:
Establish and maintain investigation methodology, operational security standards, and tooling workflows for the BFIU team.

* Mentorship & Team Development:
Serve as team lead, mentoring fellow analysts, and building toward independent investigation capability across the team.

* Cross-Functional Collaboration:

Partner with ML, Risk Mining, Engineering, Legal, and Law Enforcement teams to operationalize intelligence findings into detection rules, model features, and enforcement actions.

* Law Enforcement Coordination:
Establish and maintain referral pathways with CPE, SPI-External Enforcement, and external law enforcement agencies.

* Urgent Threat Alerts:
Issue real-time alerts when active exploitation campaigns targeting Amazon buyers are detected, enabling immediate defensive response.

* Tooling & Automation:
Drive adoption and optimization of intelligence platforms (Flashpoint, Maltego) and build custom collection scripts and enrichment pipelines.

A day in the life

You move between deep web research, cross functional collaboration, and intelligence production. You might be tracking a fraud tutorial on a carding forum, mapping threat actor infrastructure using link analysis tools, or walking the ML team through the exact system decision points a fraud MO exploits. You mentor analysts on tradecraft and OPSEC, finalize evidence packages for Legal, and update threat actor profiles as new intelligence emerges.

Some days are heads-down research in adversarial environments; others are translating findings into detection rules with engineering partners. The constant: your work disrupts threats before they reach scale.

About the team

The Buyer Threat Intelligence Unit (BTIU) within Buyer Risk Prevention proactively identifies and disrupts buyer-related threats to Amazon through deep and dark web intelligence gathering. While most risk teams detect fraud after it impacts our ecosystem, BTIU operates upstream finding threats at their source in communities before they reach scale. We deliver threat actor attribution to Legal for enforcement and technical methodology breakdowns to detection teams for defensive response.

This is a ground-floor opportunity to build a new intelligence function with direct leadership visibility and investment in your growth.

Basic Qualifications

* Experience handling confidential information

* Experience establishing successful partnerships with internal and external teams to execute tactical initiatives or equivalent

* Proficiency with OSINT methodologies and investigative research techniques

* Knowledge of fraud ecosystems: carding, account takeover (ATO), synthetic identity fraud, refund abuse, phishing, or fraud-as-a-service models

* Familiarity with payment systems, e-commerce fraud vectors, or chargeback patterns

* Ability to operate with discretion and sound judgment when handling sensitive information

* 5+ years of experience in one or more of the following: cyber threat intelligence, fraud investigations, risk analysis, or cybercrime research

Preferred Qualifications

* Experience navigating and collecting intelligence from dark web marketplaces, underground forums, and encrypted communication channels

* Operational security (OPSEC) expertise - persona management, attribution avoidance, and safe browsing practices in adversarial environments

* Experience with threat intelligence frameworks (MITRE ATT&CK)

* SANS certifications: FOR
578 (Cyber Threat Intelligence), SEC
487 (OSINT Gathering and…