Director, Malware Analysis, Threat Intelligence
Kroll · Pittsburgh, PA · 2 days ago
On-siteAnalyst$200k–$240k/yrFull-time
About the role
Kroll is seeking an experienced and innovative Malware Analysis Director to build and advance our malware analysis capabilities in support of our global Incident Response (IR), Managed Detection and Response (MDR), and Cyber Threat Intelligence (CTI) practices.
Responsibilities
- Develop and maintain automated malware analysis workflows, tooling, and enrichment capabilities to accelerate incident investigations.
- Perform advanced static and dynamic malware analysis, reverse engineering, and behavioral analysis of malware affecting clients.
- Support global Incident Response engagements through malware triage, root cause analysis, attribution support, and threat actor investigations.
- Research emerging malware families, intrusion techniques, and threat actor tradecraft.
- Author technical research reports, threat intelligence products, blogs, and client advisories.
- Partner with CrowdStrike and BlueVoyant MDR teams to develop malware analysis processes that enhance managed detection and response services.
- Provide technical mentorship and guidance to analysts across CTI, MDR, and Incident Response teams.
- Develop detection opportunities, indicators of compromise (IOCs), and analytical methodologies based on malware findings.
- Collaborate with internal malware analysis practitioners and external industry peers to establish best practices and improve investigative capabilities.
- Evaluate and implement new technologies, sandboxes, automation platforms, and AI-enhanced analytical workflows to improve operational efficiency.
- Contribute to the development of new cyber intelligence and malware-focused service offerings.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field, or equivalent practical experience.
- 5+ years of experience in malware analysis, reverse engineering, digital forensics, incident response, threat intelligence, or a related cybersecurity discipline.
- Strong understanding of Windows internals and common malware execution techniques.
- Experience performing static and dynamic malware analysis in enterprise environments.
- Experience supporting Incident Response investigations involving malware, ransomware, or advanced persistent threats (APTs).
- Strong technical writing skills with the ability to communicate complex findings to both technical and executive audiences.
- Experience creating actionable intelligence products, technical reports, and client deliverables.
- Able to independently conduct research and solve complex technical challenges.
- Strong collaboration and stakeholder engagement skills.
Preferred Technical Skills
- Malware Analysis & Reverse Engineering Proficiency with: IDA Pro, Ghidra, Rust, x64dbg, WinDbg, Binary Ninja, Cutter/Rizin.
- Experience analyzing: Ransomware, Loaders and downloaders, Info-stealers, Banking trojans, Linux malware, Web shells, Nation-state malware, Advanced persistent threat toolsets.
- Programming & Automation Strong scripting and development skills in: Python, PowerShell, C#, JavaScript, Go (preferred).
- Experience building automated analysis pipelines and malware triage workflows.
- Familiarity with API integrations and workflow orchestration.
- Threat Intelligence & Detection Knowledge of: MITRE ATT&CK, YARA, Sigma, STIX/TAXII, IOC management.
- Experience creating: Detection content, YARA rules, Behavioral signatures, Threat hunting methodologies.
- Security Platforms Experience working with: CrowdStrike Falcon, Microsoft Defender, SentinelOne, BlueVoyant MDR, Splunk, Microsoft Sentinel, Elastic, Mandiant Advantage or similar threat intelligence platforms.
- Cloud & Enterprise Technologies Familiarity with: AWS, Azure, Google Cloud Platform, Active Directory, Entra ID, Microsoft 365, Enterprise network architectures.
What Success Looks Like
- Established automated malware analysis capabilities that measurably improve Incident Response efficiency.
- Built repeatable processes to support malware investigations across CTI, IR, and MDR teams.
- Produced impactful malware research and thought leadership content that enhances Kroll's market reputation.
- Improved support for clients leveraging CrowdStrike and BlueVoyant MDR services.
- Developed new analytical capabilities that increase visibility into sophisticated malware threats and drive better client outcomes.
- Become the technical focal point for malware-related investigations across Kroll's cyber risk business.