Jobs · Engineering · Maryland

Cyber Threat Intelligence - Technical Analysis and Investigations Lead – VP

Morgan Stanley · Baltimore, MD · 2 wk ago
EngineeringFull-time

What You'll Do In The Role

  • Lead proactive threat hunts and advanced discovery to identify adversary campaigns, capabilities, infrastructure, and targets using internal collection, OSINT, and vendor intelligence.
  • Research and track advanced threat actors and malware, maintaining deep technical understanding of adversary TTPs and tradecraft.
  • Author high-impact technical threat intelligence products and reports tailored to both operational teams and senior stakeholders.
  • Develop and advance investigative tradecraft, analytic techniques, and automation to improve speed, repeatability, and fidelity of analytic workflows (including Python-based analytics).
  • Enrich, triage, and characterize threat insights and indicators by leveraging open-source and commercial tooling, and curate high-fidelity IOCs for operational use.
  • Partner with threat hunting and security response teams to translate technical intelligence into detection opportunities, mitigations, and control validation activities.
  • Maintain and curate threat profiles aligned to areas of responsibility, producing actionable technical intelligence for proactive detection and discovery.

What You'll Bring To The Role

  • Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations, with a track record leading both teams and technical investigations and producing actionable outcomes.
  • Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK and/or the Diamond Model to characterize campaigns, capabilities, and infrastructure.
  • Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g., Jupyter notebooks).
  • Experience with large-scale data analysis and security telemetry tooling to identify patterns, quantify trends, and support analytic judgments.
  • Experience with SIEM platforms and interpreting network/endpoint logs to progress investigations from hypothesis to evidence-based conclusions.
  • Ability to communicate clearly across technical and non-technical audiences, including writing technical reporting and briefing investigative judgments and mitigations.
  • Nice to have: GIAC GCTI, CISSP, CASP certifications.

Similar jobs