Director, Embedded Threat Intelligence
Kroll · Pittsburgh, PA · 3 days ago
On-siteInformation Technology$200k–$230k/yrFull-time
Key Responsibilities
- Embed with Incident Response teams to provide real-time intelligence support during active ransomware incidents
- Translate technical findings into clear, actionable recommendations for client stakeholders, including executives, legal counsel, and IT/security teams
- Avoid attribution analysis, threat actor profiling, and understanding adversary intent
- Contribute to client briefings, situation updates, and post-incident reporting
Ransomware Threat Intelligence & Adversary Analysis
- Track and analyze ransomware groups, affiliates, and broader cybercriminal ecosystems
- Develop detailed intelligence on adversary TTPs, tooling, infrastructure, and operational playbooks
- Map attacker behavior to frameworks such as MITRE ATT&CK to support detection and response
- Identify and assess emerging ransomware trends, targeting patterns, and sector-specific risks
Malware Analysis & Technical Investigation
- Conduct static and dynamic malware analysis on ransomware payloads, loaders, and supporting tools
- Reverse engineer malware to understand encryption techniques, persistence mechanisms, and command-and-control activity
- Extract and validate IOCs and behavioral indicators to enhance detection and response efforts
- Collaborate with digital forensics and IR teams to link malware findings to broader intrusion activity
Covered Collection & Intelligence Development
- Conduct covert intelligence collection across restricted-access environments, including dark web forums, leak sites, and negotiation portals
- Monitor ransomware group communications, victim disclosures, and affiliate activity
- Provide insight into attacker motivations, timelines, and negotiation dynamics
Tactical & Strategic Reporting
- Produce high-quality, client-ready deliverables under tight timelines, including:
- Incident-specific intelligence summaries
- Ransomware group profiles and threat assessments
- Tactical reports detailing TTPs, IOCs, and defensive recommendations
- Tailor reporting for both technical and non-technical audiences, ensuring clarity and impact
- Support development of thought leadership and threat landscape reporting