Cyber Threat Intelligence - Technical Analysis and Investigations Lead – VP

About The Position

Requirements

• Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations, with a track record leading both teams and technical investigations and producing actionable outcomes.
• Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK and/or the Diamond Model to characterize campaigns, capabilities, and infrastructure.
• -Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g., Jupyter notebooks).
• Experience with large-scale data analysis and security telemetry tooling to identify patterns, quantify trends, and support analytic judgments.
• Experience with SIEM platforms and interpreting network/endpoint logs to progress investigations from hypothesis to evidence-based conclusions.
• Ability to communicate clearly across technical and non-technical audiences, including writing technical reporting and briefing investigative judgments and mitigations.

Nice To Haves

• GIAC GCTI, CISSP, CASP certifications

Responsibilities

• Lead proactive threat hunts and advanced discovery to identify adversary campaigns, capabilities, infrastructure, and targets using internal collection, OSINT, and vendor intelligence.
• Research and track advanced threat actors and malware, maintaining deep technical understanding of adversary TTPs and tradecraft.
• Author high-impact technical threat intelligence products and reports tailored to both operational teams and senior stakeholders.
• Develop and advance investigative tradecraft, analytic techniques, and automation to improve speed, repeatability, and fidelity of analytic workflows (including Python-based analytics).
• Enrich, triage, and characterize threat insights and indicators by leveraging open-source and commercial tooling, and curate high-fidelity IOCs for operational use.
• Partner with threat hunting and security response teams to translate technical intelligence into detection opportunities, mitigations, and control validation activities.
• Maintain and curate threat profiles aligned to areas of responsibility, producing actionable technical intelligence for proactive detection and discovery.

Benefits

• Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.
• The successful candidate may be eligible for an annual discretionary incentive compensation award.
• The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which also may include a discretionary bonus component.