Director, Malware Analysis, Threat Intelligence

KrollWashington, DC
$200,000 - $240,000

About The Position

Kroll is seeking an experienced and innovative Malware Analysis Director to build and advance our malware analysis capabilities in support of our global Incident Response (IR), Managed Detection and Response (MDR), and Cyber Threat Intelligence (CTI) practices. This role will be responsible for developing automated malware analysis workflows and tooling that empower frontline responders, conducting deep technical investigations into sophisticated malware campaigns, and producing actionable intelligence that helps clients understand and mitigate evolving cyber threats. The successful candidate will serve as a technical leader and trusted advisor, partnering closely with Incident Response consultants, Threat Intelligence analysts, CrowdStrike and BlueVoyant MDR teams, and other cyber specialists to improve Kroll's ability to identify, analyze, and respond to advanced malware threats. This individual will also contribute to Kroll's thought leadership efforts through technical blogs, research reports, threat advisories, and client-facing intelligence products. This is a unique opportunity to shape the strategic direction of malware analysis within Kroll, develop new client-facing capabilities, and drive innovation across the cyber risk organization.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field, or equivalent practical experience.
  • 5+ years of experience in malware analysis, reverse engineering, digital forensics, incident response, threat intelligence, or a related cybersecurity discipline.
  • Strong understanding of Windows internals and common malware execution techniques.
  • Experience performing static and dynamic malware analysis in enterprise environments.
  • Experience supporting Incident Response investigations involving malware, ransomware, or advanced persistent threats (APTs).
  • Strong technical writing skills with the ability to communicate complex findings to both technical and executive audiences.
  • Experience creating actionable intelligence products, technical reports, and client deliverables.
  • Ability to independently conduct research and solve complex technical challenges.
  • Strong collaboration and stakeholder engagement skills.

Nice To Haves

  • Proficiency with IDA Pro, Ghidra, Rust, x64dbg, WinDbg, Binary Ninja, Cutter/Rizin
  • Experience analyzing Ransomware, Loaders and downloaders, Info-stealers, Banking trojans, Linux malware, Web shells, Nation-state malware, Advanced persistent threat toolsets
  • Strong scripting and development skills in Python, PowerShell, C#, JavaScript, Go (preferred)
  • Experience building automated analysis pipelines and malware triage workflows.
  • Familiarity with API integrations and workflow orchestration.
  • Knowledge of MITRE ATT&CK, YARA, Sigma, STIX/TAXII, IOC management
  • Experience creating Detection content, YARA rules, Behavioral signatures, Threat hunting methodologies
  • Experience working with CrowdStrike Falcon, Microsoft Defender, SentinelOne, BlueVoyant MDR, Splunk, Microsoft Sentinel, Elastic, Mandiant Advantage or similar threat intelligence platforms
  • Familiarity with AWS, Azure, Google Cloud Platform, Active Directory, Entra ID, Microsoft 365, Enterprise network architectures
  • GREM (GIAC Reverse Engineering Malware)
  • GCFA (GIAC Certified Forensic Analyst)
  • GCTI (GIAC Cyber Threat Intelligence)
  • GCIA (GIAC Certified Intrusion Analyst)
  • CISSP
  • CARTP, CRTO, or equivalent offensive security certifications
  • Relevant CrowdStrike certifications

Responsibilities

  • Develop and maintain automated malware analysis workflows, tooling, and enrichment capabilities to accelerate incident investigations.
  • Perform advanced static and dynamic malware analysis, reverse engineering, and behavioral analysis of malware affecting clients.
  • Support global Incident Response engagements through malware triage, root cause analysis, attribution support, and threat actor investigations.
  • Research emerging malware families, intrusion techniques, and threat actor tradecraft.
  • Author technical research reports, threat intelligence products, blogs, and client advisories.
  • Partner with CrowdStrike and BlueVoyant MDR teams to develop malware analysis processes that enhance managed detection and response services.
  • Provide technical mentorship and guidance to analysts across CTI, MDR, and Incident Response teams.
  • Develop detection opportunities, indicators of compromise (IOCs), and analytical methodologies based on malware findings.
  • Collaborate with internal malware analysis practitioners and external industry peers to establish best practices and improve investigative capabilities.
  • Evaluate and implement new technologies, sandboxes, automation platforms, and AI-enhanced analytical workflows to improve operational efficiency.
  • Contribute to the development of new cyber intelligence and malware-focused service offerings.

Benefits

  • Comprehensive medical, dental, and vision plans.
  • Generous paid time off (PTO), paid company holidays, generous parental and family leave.
  • Life insurance, short- and long-term disability coverage, and accident protection.
  • Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
  • 401(k) plans with company matching.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service