Director, Cyber Threat Intelligence
American Express · United States · 2 days ago
RemoteRemoteEngineeringFull-time
Responsibilities
- Deliver executive-level intelligence briefings and reporting on adversary activity, emerging threats, and enterprise exposure
- Own and operate the enterprise CTI-driven threat modeling capability as a primary function, maintaining a current adversary model and embedding intelligence directly into architecture, engineering, and security control design
- Ensure intelligence outputs translate into specific, actionable control enhancement recommendations, with clear handoff and traceability to downstream execution teams
- Drive integration of threat intelligence into detection engineering, threat hunting, incident response, and vulnerability prioritization workflows
- Lead the transformation of CTI into a scaled, agentic intelligence function that integrates human analysts, AI-enabled pipelines, and platform engineering capabilities with defined quality controls
- Define and enforce human-in-the-loop validation processes to ensure accuracy, context, and reliability of intelligence outputs
- Establish closed-loop feedback mechanisms between analysts, automation capabilities, and consuming teams to continuously improve intelligence quality, agent performance, and operational relevance
- Lead and develop a geographically distributed CTI team while defining operating model, roles, and areas of responsibility
- Maintain relationships with intelligence-sharing communities and oversee sourcing from internal, commercial, and open intelligence feeds
Qualifications
- Extensive experience in cyber threat intelligence, intelligence analysis, or related cybersecurity disciplines
- Deep understanding of adversary tactics, techniques, and procedures (TTPs) and threat ecosystem
- Proven experience leading intelligence programs or cybersecurity functions
- Demonstrated ability to translate threat intelligence into operational or risk outcomes
- Strong executive communication skills with ability to deliver briefings to senior leadership
- Experience with intelligence-driven defense models and threat modeling frameworks
- Experience working with intelligence community (IC), financial sector, or critical infrastructure environments
- Experience integrating intelligence into detection engineering, incident response, or red team operations
- Experience designing or operating automated or agent-driven intelligence workflows
- Familiarity with AI/ML or LLM-based cybersecurity applications and human-in-the-loop AI governance
- Experience leading large-scale program transformation or operating model redesign
- Bachelor’s degree in Intelligence, International Relations, Engineering, Computer Science, Business Management or Technology related fields OR at least 10 years of relevant experience