Cyber Threat Intelligence - Technical Analysis and Investigations Lead – VP
Morgan Stanley · Baltimore, MD · 2 wk ago
EngineeringFull-time
What You'll Do In The Role
- Lead proactive threat hunts and advanced discovery to identify adversary campaigns, capabilities, infrastructure, and targets using internal collection, OSINT, and vendor intelligence.
- Research and track advanced threat actors and malware, maintaining deep technical understanding of adversary TTPs and tradecraft.
- Author high-impact technical threat intelligence products and reports tailored to both operational teams and senior stakeholders.
- Develop and advance investigative tradecraft, analytic techniques, and automation to improve speed, repeatability, and fidelity of analytic workflows (including Python-based analytics).
- Enrich, triage, and characterize threat insights and indicators by leveraging open-source and commercial tooling, and curate high-fidelity IOCs for operational use.
- Partner with threat hunting and security response teams to translate technical intelligence into detection opportunities, mitigations, and control validation activities.
- Maintain and curate threat profiles aligned to areas of responsibility, producing actionable technical intelligence for proactive detection and discovery.
What You'll Bring To The Role
- Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations, with a track record leading both teams and technical investigations and producing actionable outcomes.
- Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK and/or the Diamond Model to characterize campaigns, capabilities, and infrastructure.
- Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g., Jupyter notebooks).
- Experience with large-scale data analysis and security telemetry tooling to identify patterns, quantify trends, and support analytic judgments.
- Experience with SIEM platforms and interpreting network/endpoint logs to progress investigations from hypothesis to evidence-based conclusions.
- Ability to communicate clearly across technical and non-technical audiences, including writing technical reporting and briefing investigative judgments and mitigations.
- Nice to have: GIAC GCTI, CISSP, CASP certifications.