Principal Cyber Investigator

10a Labs
Washington, DC
$150,000 - $180,000
Remote

About The Position

10a Labs' Investigations Team is looking for a Principal Cyber Investigator to lead day-to-day operations and oversee quality across a cyber investigations team. This role requires senior cybersecurity expertise combined with the operational and leadership experience to manage a high-performing team, interface directly with client stakeholders, and set the standard for investigative and labeling output quality and consistency. This is a one-year position, with the potential for extension.

Requirements

  • 9+ years of experience in cybersecurity, threat intelligence, Trust & Safety, national security, defense, intelligence, or law enforcement domains
  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
  • Demonstrated experience leading or managing investigative teams, including oversight of quality, output, and team development
  • Deep subject-matter expertise in one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations
  • Familiarity with LLM systems and how AI technology can be misused for cyber operations
  • Proven ability to serve as a final technical authority on complex cases, with a track record of sound judgment on harm potential and offensive uplift
  • Strong SQL, Python, and other data language proficiency for querying data, supporting detection workflows, and validating investigative output
  • Exceptional written and verbal communication skills, with experience presenting findings to senior stakeholders
  • Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment
  • Ability to clear an insider-threat background check

Nice To Haves

  • Experience working directly with or within frontier AI labs, large technology platforms, or Trust & Safety organizations
  • Experience with threat intelligence frameworks such as MITRE ATT&CK
  • Background in dark web monitoring, OSINT, or cross-platform threat analysis
  • Experience building or scaling detection and mitigation pipelines
  • Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish
  • Active security clearance (Secret or above)
  • Relevant certifications such as OSCP, GREM, or GCTI

Responsibilities

  • Oversee day-to-day operations of the cyber investigations team, ensuring investigations are completed accurately, efficiently, and in accordance with outlined requirements and rubrics
  • Serve as the senior technical authority on complex and escalated cases, making final determinations on real-world harm potential and offensive uplift
  • Monitor and maintain quality metrics across the team, identifying gaps and implementing improvements to investigative processes and detection pipelines
  • Interface directly with client stakeholders to communicate findings, surface emerging trends, and align on evolving policy and operational priorities
  • Mentor and develop senior and junior investigators, providing guidance on technically demanding and ambiguous cases
  • Lead threat actor analysis, synthesizing findings across cases to inform broader detection and mitigation strategies
  • Query internal data sources via DQL and programmatically, and cross-reference open-source information (OSINT) to support investigations and validate team output
  • Respond to critical escalations and on-call leads, including those not caught by existing safety systems

Benefits

  • Comprehensive health, dental, and vision coverage
  • Generous PTO and paid holiday schedule
  • 401(k) plan