AMAZON Intelligence Analyst II, Buyer Threat Intelligence Unit in Seattle, WA

Description

The Buyer Fraud Intelligence Unit (BFIU) within PRISM SWAT is seeking a Threat Intelligence Analyst to lead a net-new intelligence function within Buyer Risk Prevention (BRP). This role is responsible for proactively identifying, analyzing, and disrupting emerging buyer-related threats to Amazon through systematic intelligence gathering across dark web marketplaces, encrypted channels, and fraud-as-a-service platforms. You will establish investigation methodology, tradecraft standards, and tooling workflows while also delivering actionable intelligence that feeds directly into detection rules, ML model retraining, and Legal referrals.

This position is open to both internal and external candidates. Internal candidates with strong fraud investigation foundations and a willingness to develop specialized tradecraft are encouraged to apply.


Key job responsibilities
- Dark Web & Deep Web Intelligence Collection: Monitor and analyze dark web marketplaces, carding forums, private Telegram channels, Discord servers, and paste sites for Amazon-specific exploitation techniques and emerging fraud modus operandi.
- Threat Actor Profiling: Identify, profile, and track threat actors, fraud-as-a-service providers, and organized fraud rings targeting Amazon's buyer ecosystem.
- Fraud MO Investigation & Reporting: Produce 1 comprehensive fraud modus operandi investigation report per month for Legal, including threat actor attribution, technical indicators, and estimated business impact.
- Tradecraft & Methodology Leadership: Establish and maintain investigation methodology, operational security standards, and tooling workflows for the BFIU team.
- Mentorship & Team Development: Serve as team lead, mentoring fellow analysts, and building toward independent investigation capability across the team.
- Cross-Functional Collaboration: Partner with ML, Risk Mining, Engineering, Legal, and Law Enforcement teams to operationalize intelligence findings into detection rules, model features, and enforcement actions.
- Law Enforcement Coordination: Establish and maintain referral pathways with CPE, SPI-External Enforcement, and external law enforcement agencies.
- Urgent Threat Alerts: Issue real-time alerts when active exploitation campaigns targeting Amazon buyers are detected, enabling immediate defensive response.
- Tooling & Automation: Drive adoption and optimization of intelligence platforms (Flashpoint, Maltego) and build custom collection scripts and enrichment pipelines.

A day in the life
You move between deep web research, cross-functional collaboration, and intelligence production. You might be tracking a fraud tutorial on a carding forum, mapping threat actor infrastructure using link analysis tools, or walking the ML team through the exact system decision points a fraud MO exploits. You mentor analysts on tradecraft and OPSEC, finalize evidence packages for Legal, and update threat actor profiles as new intelligence emerges. Some days are heads-down research in adversarial environments; others are translating findings into detection rules with engineering partners. The constant: your work disrupts threats before they reach scale.

About the team
The Buyer Threat Intelligence Unit (BTIU) within Buyer Risk Prevention proactively identifies and disrupts buyer-related threats to Amazon through deep and dark web intelligence gathering. While most risk teams detect fraud after it impacts our ecosystem, BTIU operates upstream, finding threats at their source in communities before they reach scale. We deliver threat actor attribution to Legal for enforcement and technical methodology breakdowns to detection teams for defensive response. This is a ground-floor opportunity to build a new intelligence function with direct leadership visibility and investment in your growth.

Basic Qualifications

- Experience handling confidential information
- Experience establishing successful partnerships with internal and external teams to execute tactical initiatives or equivalent
- Proficiency with OSINT methodologies and investigative research techniques
- Knowledge of fraud ecosystems: carding, account takeover (ATO), synthetic identity fraud, refund abuse, phishing, or fraud-as-a-service models
- Familiarity with payment systems, e-commerce fraud vectors, or chargeback patterns
- Ability to operate with discretion and sound judgment when handling sensitive information
- 5 years of experience in one or more of the following: cyber threat intelligence, fraud investigations, risk analysis, or cybercrime research

Preferred Qualifications

- Experience navigating and collecting intelligence from dark web marketplaces, underground forums, and encrypted communication channels
- Operational security (OPSEC) expertise: persona management, attribution avoidance, and safe browsing practices in adversarial environments
- Experience with threat intelligence frameworks (MITRE ATT&CK)
- SANS certifications: FOR578 (Cyber Threat Intelligence), SEC487 (OSINT Gathering and Analysis), or equivalent
- Experience with intelligence platforms: Flashpoint, Recorded Future, Maltego Enterprise
- Established relationships with law enforcement agencies or intelligence-sharing communities (e.g., FS-ISAC)
- Experience building or contributing to a threat intelligence function
- Background in producing court-ready evidence or supporting legal/enforcement proceedings
- Experience integrating threat intelligence into ML pipelines or automated detection systems
- Experience with link analysis tools for visual investigation and relationship mapping

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at
USA, WA, Seattle - 82,700.00 - 129,800.00 USD annually

Local Job Bulletin is an independent Job Search Engine. Local Job Bulletin is not endorsed, sponsored or affiliated with the actual employer of the job. All trademarks, service marks, logos, domain names, and job descriptions are the property of their respective holder.