Director, Threat Intelligence Research

About The Position

Requirements

• Demonstrated leadership of a regional or global CTI function with direct, measurable impact on detection engineering, threat operations, or product outcomes — ideally within an MDR, MSSP, EDR/XDR, or major incident response practice.
• Expertise in threat actor attribution, campaign tracking, TTP analysis, and translating intelligence into ranked detection priorities and customer-relevant guidance.
• Hands-on track record of operating in agentic and AI-native workflows: building, evaluating, or leading teams that use LLM agents, retrieval pipelines, and automation as a primary mode of work, not as an experiment.
• Proven ability to partner with Data Science, Detection Engineering, Threat Operations, and Product Management to productize intelligence capabilities and ship customer-facing outcomes.
• Experience leading rapid-response programs and serving as a public-facing voice during major incidents: blogs, briefings, podcasts, conference keynotes, and earned media engagement with PR and Communications.
• Experience engaging with senior stakeholders, executive and board briefings, and public-private partnerships (e.g., ISACs, industry coalitions, government exchanges).
• Has developed other managers; strong people leadership skills with a bias toward building small, senior, AI-leveraged teams.
• Able to define and execute long-term intelligence strategies and metrics aligned with customer protection, detection coverage, time-to-detection for emerging threats, and product outcomes.
• Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
• Background checks are required for this position.
• This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.

Nice To Haves

• If you’re excited about this role, but do not meet all of the qualifications listed above, we encourage you to apply. We review all applications.

Responsibilities

• Owns the vision and execution of Arctic Wolf’s Cyber Threat Intelligence function.
• Directs multiple intelligence teams, defines collection and analytic priorities tied to customer risk, and is accountable for the speed, relevance, and downstream impact of intelligence on detection engineering, threat operations, and product.
• Drive detection engineering through intelligence-led collection and prioritization, ensuring every campaign, TTP, and threat actor tracked translates into a ranked detection backlog tied to customer risk.
• Anticipate what will hurt customers: define collection priorities, PIRs, and coverage goals grounded in Arctic Wolf’s customer base, sectors, attack surface, and adversary landscape.
• Lead the rapid-response function for high-severity events (zero-days, mass exploitation, breach disclosures, geopolitically driven campaigns), coordinating cross-functional response and public communications.
• Partner with Data Science, Threat Operations, Detection Engineering, Product Management, and Engineering to productize intelligence, turning research into customer-facing capabilities, signals, and content.
• Build an agentic-first operating model: codify intelligence workflows as agentic systems, evaluate and adopt frontier AI tooling, and lead the team’s transformation into AI-native analysts.
• Set the internal CTI frameworks (PIRs, ATT&CK alignment, attribution discipline, confidence and probability language, intel-to-detection pipeline) used across the company.
• Establish Arctic Wolf as a recognized authority in threat research through rapid-response publications, blogs, podcasts, and original research reports.
• Engage with PR, Communications, and Marketing to ensure timely, accurate, and high-impact external messaging during major incidents and disclosures, and to amplify research that defines the company’s voice in the market.
• Speak at top-tier industry and government forums (e.g., RSA, Black Hat, FIRST, SANS Summits, FS-ISAC, InfraGard, ISAC and government exchanges) and represent Arctic Wolf in public-private partnerships.
• Brief customers, executives, and boards on the threats most relevant to their environment, sector, and risk profile.

Benefits

• Equity for all employees
• Flexible time off and paid volunteer days
• RRSP and 401k match
• Training and career development programs
• Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services
• Robust Employee Assistance Program (EAP) with mental health services
• Fertility support and paid parental leave
• Compelling compensation packages, benefits, and equity for employees