Investigator - Huntsville, AL

SpyCloud - Huntsville, AL
Onsite

About The Position

SpyCloud is seeking an Investigator to join their team in Huntsville, AL. This role is crucial in making the internet safer by disrupting the criminal underground. The Investigations team transforms collected breach data, malware-exfiltrated credentials, session cookies, and commercially available information into investigative reports and analytical products. This is a customer-facing role supporting government and IC-aligned customers across national security mission areas. The analyst will conduct original investigations, respond to requests for information, deliver training and capability demonstrations to cleared personnel, and develop AI-assisted analytical workflows using SpyCloud's platform and tooling.

Requirements

  • Bachelor's degree in intelligence studies, computer science, cybersecurity, international relations, criminal justice, or a related field -- or five or more years of equivalent professional experience in lieu of a degree.
  • Active TS/SCI required.
  • Five or more years in an all-source, OSINT, or CAI analytical role within a government, defense, or IC-aligned environment.
  • Demonstrated experience supporting RFI pipelines and delivering analytical reports to operational or program stakeholders.
  • Prior experience delivering training or capability demonstrations to cleared analytical audiences.
  • Familiarity with adversary TTPs across one or more threat areas: cyber operations, foreign procurement, critical infrastructure, influence operations, or illicit finance.
  • Proficient in OSINT collection and CAI analysis: domain research, identity resolution, infrastructure mapping, and entity attribution.
  • Practical experience incorporating AI and large language models into analytical work, including prompt development and output validation.
  • Comfortable working with REST APIs and scripted data queries; Python preferred.
  • Familiarity with commercial investigative platforms and ability to adapt them to new data sources and mission requirements.
  • Familiarity with adversary analysis frameworks -- including MITRE ATT&CK, the Cyber Kill Chain, and the Diamond Model -- as contextual tools for structuring and communicating investigation findings.
  • Working knowledge of structured analytic techniques (SATs) for evaluating evidence, surfacing assumptions, and reducing analytical bias.
  • Writes clear, well-structured analytical reports: BLUF-first, properly sourced, readable by both analysts and senior leaders.
  • Confident briefing cleared program managers, unit leadership, or senior officials on investigation findings.
  • Organized and self-directed; able to manage concurrent workstreams without close supervision.

Nice To Haves

  • Foreign language proficiency in Russian, Mandarin, Farsi, Korean, or Spanish.
  • Experience with cryptocurrency tracing or illicit finance analysis.
  • Prior speaking engagements at intelligence or cybersecurity conferences or working groups.

Responsibilities

  • Conduct all-source investigations using breach data, malware-exfiltrated logs, OSINT, and commercially available information to attribute threat actors, map adversary infrastructure, and assess identity and credential exposure.
  • Respond to requests for information from government and program stakeholders, producing analytical reports and investigation packages on short timelines.
  • Analyze infostealer log files to extract credential exposure, behavioral indicators, and infrastructure intelligence relevant to ongoing analytical requirements.
  • Pivot across SpyCloud data using the Investigations Portal, API, and Python-based notebooks to develop leads and close attribution gaps.
  • Integrate large language models and AI tooling into investigative workflows -- building prompts, synthesizing multi-source data, and validating outputs against primary evidence.
  • Develop and document reusable analytical workflows, prompt libraries, and notebook-based processes that improve team throughput and consistency.
  • Stay current on emerging AI capabilities relevant to OSINT, CAI analysis, and analytical production.
  • Deliver product training and live capability demonstrations to cleared government personnel, tailoring content to the analytical mission and maturity of each audience.
  • Build scenario-based training materials and leave-behind products drawn from real investigation findings.
  • Support onboarding of new customers and users, helping them connect SpyCloud capabilities to their specific analytical requirements.
  • Track RFI fulfillment, investigative outcomes, and analyst credit usage, reporting results to SpyCloud leadership.
  • Represent SpyCloud at relevant community events, conferences, and working groups as needed.

Benefits

  • 401(k) with Employer Contribution
  • Health, Vision, and Dental Insurance
  • Health Savings Account (HSA) available with Employer Contribution
  • Employer Paid Life, Short-term, and Long-term Disability Insurance
  • Generous PTO Plan and 16 paid holidays per year