Jobs · Information Technology · Pennsylvania

Director, Embedded Threat Intelligence

Kroll · Pittsburgh, PA · 3 days ago
On-siteInformation Technology$200k–$230k/yrFull-time

Key Responsibilities

  • Embed with Incident Response teams to provide real-time intelligence support during active ransomware incidents
  • Translate technical findings into clear, actionable recommendations for client stakeholders, including executives, legal counsel, and IT/security teams
  • Avoid attribution analysis, threat actor profiling, and understanding adversary intent
  • Contribute to client briefings, situation updates, and post-incident reporting

Ransomware Threat Intelligence & Adversary Analysis

  • Track and analyze ransomware groups, affiliates, and broader cybercriminal ecosystems
  • Develop detailed intelligence on adversary TTPs, tooling, infrastructure, and operational playbooks
  • Map attacker behavior to frameworks such as MITRE ATT&CK to support detection and response
  • Identify and assess emerging ransomware trends, targeting patterns, and sector-specific risks

Malware Analysis & Technical Investigation

  • Conduct static and dynamic malware analysis on ransomware payloads, loaders, and supporting tools
  • Reverse engineer malware to understand encryption techniques, persistence mechanisms, and command-and-control activity
  • Extract and validate IOCs and behavioral indicators to enhance detection and response efforts
  • Collaborate with digital forensics and IR teams to link malware findings to broader intrusion activity

Covered Collection & Intelligence Development

  • Conduct covert intelligence collection across restricted-access environments, including dark web forums, leak sites, and negotiation portals
  • Monitor ransomware group communications, victim disclosures, and affiliate activity
  • Provide insight into attacker motivations, timelines, and negotiation dynamics

Tactical & Strategic Reporting

  • Produce high-quality, client-ready deliverables under tight timelines, including:
  • Incident-specific intelligence summaries
  • Ransomware group profiles and threat assessments
  • Tactical reports detailing TTPs, IOCs, and defensive recommendations
  • Tailor reporting for both technical and non-technical audiences, ensuring clarity and impact
  • Support development of thought leadership and threat landscape reporting

Similar jobs