Director, Embedded Threat Intelligence

KrollPittsburgh, PA
$200,000 - $230,000

About The Position

Kroll CTI is seeking a highly motivated and client-focused Director, Embedded Threat Intelligence – Incident Response & Ransomware Services to support our Incident Response and Cyber Risk advisory practice. This role sits at the intersection of threat intelligence, ransomware analysis, and frontline incident response support, delivering actionable intelligence to clients facing sophisticated cyber threats. As a trusted advisor, you will support global clients during high-impact ransomware incidents, providing deep intelligence on adversaries, guiding investigative efforts, and delivering strategic and tactical insights that enable informed decision-making under pressure.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Intelligence Studies, or related field (or equivalent experience)
  • 3–7+ years of experience in cyber threat intelligence, incident response, or cyber consulting
  • Strong understanding of ransomware attack lifecycles, including initial access, lateral movement, exfiltration, and extortion
  • Hands-on experience with malware analysis and reverse engineering tools (e.g., Ghidra, IDA Pro, Wireshark, sandbox environments)
  • Experience producing actionable intelligence on TTPs and IOCs
  • Proven ability to operate in high-pressure, client-facing environments
  • Strong client communication and stakeholder management skills
  • Ability to distill complex threat intelligence into clear, decision-ready insights
  • Analytical rigor and attention to detail in fast-moving environments
  • Sound judgment in handling sensitive and high-stakes incidents
  • Team-oriented mindset with ability to collaborate across technical and non-technical teams

Nice To Haves

  • Familiarity with enterprise incident response engagements and crisis management
  • Experience with threat actor negotiation dynamics or ransomware leak site monitoring
  • Proficiency in scripting (Python, PowerShell) to support analysis and automation
  • Relevant certifications (e.g., GCTI, GCFA, GREM, CISSP)

Responsibilities

  • Embed with Incident Response teams to provide real-time intelligence support during active ransomware incidents
  • Translate technical findings into clear, actionable recommendations for client stakeholders, including executives, legal counsel, and IT/security teams
  • Assist with attribution analysis, threat actor profiling, and understanding adversary intent
  • Contribute to client briefings, situation updates, and post-incident reporting
  • Track and analyze ransomware groups, affiliates, and broader cybercriminal ecosystems
  • Develop detailed intelligence on adversary TTPs, tooling, infrastructure, and operational playbooks
  • Map attacker behavior to frameworks such as MITRE ATT&CK to support detection and response
  • Identify and assess emerging ransomware trends, targeting patterns, and sector-specific risks
  • Conduct static and dynamic malware analysis on ransomware payloads, loaders, and supporting tools
  • Reverse engineer malware to understand encryption techniques, persistence mechanisms, and command-and-control activity
  • Extract and validate IOCs and behavioral indicators to enhance detection and response efforts
  • Collaborate with digital forensics and IR teams to link malware findings to broader intrusion activity
  • Conduct covert intelligence collection across restricted-access environments, including dark web forums, leak sites, and negotiation portals
  • Monitor ransomware group communications, victim disclosures, and affiliate activity
  • Provide insight into attacker motivations, timelines, and negotiation dynamics
  • Produce high-quality, client-ready deliverables under tight timelines, including: Incident-specific intelligence summaries, Ransomware group profiles and threat assessments, Tactical reports detailing TTPs, IOCs, and defensive recommendations
  • Tailor reporting for both technical and non-technical audiences, ensuring clarity and impact
  • Support development of thought leadership and threat landscape reporting

Benefits

  • Comprehensive medical, dental, and vision plans.
  • Generous paid time off (PTO), paid company holidays, generous parental and family leave.
  • Life insurance, short- and long-term disability coverage, and accident protection.
  • Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
  • 401(k) plans with company matching.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service