Threat Intelligence Lead (Remote)

RTX
Washington, DC
Remote

About The Position

At RTX, the world's largest aerospace and defense company, 185,000 great minds are united by purpose and inspired to make a difference solving the world’s most complex problems. With our three market-leading businesses, world-class operations and investments in research and development, we offer capabilities and opportunity no one else can. Together, we push the boundaries of known science and find new ways to connect and protect our world. Pratt & Whitney is a world leader in the design, manufacture and service of aircraft engines and auxiliary power systems and has been revolutionizing modern flight for over 100 years. Join us and help shape the future of aerospace and defense.

The Pratt & Whitney Global Security Services (GSS) Threat Intelligence Lead is a cyber investigative and analytics role responsible for leading data exfiltration investigations and advancing insider threat detection capabilities within the Threat Management and Intelligence program. Operating at the intersection of cybersecurity, digital forensics, and intelligence analysis, this role focuses on identifying, investigating, and mitigating risks related to the unauthorized movement of sensitive data—including intellectual property and controlled technical information—across endpoints, cloud platforms, email systems, and removable media.

The ideal candidate combines investigative experience with strong technical expertise, leveraging enterprise security tools such as Splunk and DLP platforms to detect anomalous behavior and support complex investigations. This role also incorporates open-source intelligence (OSINT) to enrich investigations and strengthen risk identification. In addition to supporting investigations, the Intelligence Lead applies behavioral analytics and trend analysis to proactively identify insider threat indicators and deliver clear, actionable intelligence.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Criminal Justice, Intelligence Studies, or related field (or equivalent experience) and a minimum of 8 years of experience in cyber investigations, digital forensics, insider threat, intelligence analysis, or related fields; or an advanced degree in a related field and a minimum of 5 years of experience.
  • Proven experience conducting data exfiltration or cyber-enabled investigations.
  • Proven ability to interview subjects, witnesses, and complainants and to compile investigative summaries, findings, and recommendations.
  • Experience handling digital evidence and maintaining chain-of-custody.
  • Strong analytical and critical thinking skills with the ability to connect disparate data points into a clear narrative.
  • Excellent written and verbal communication skills, including investigative reporting and executive briefings.
  • U.S. Citizenship and ability to obtain and maintain a Secret or Top-Secret security clearance.

Nice To Haves

  • Experience with data loss prevention tools and forensic platforms.
  • Knowledge of classified environment operations, including associated security measures and protection of sensitive information.
  • Experience in insider threat or threat management programs.
  • Background in corporate investigations, counterintelligence, or cyber threat intelligence.
  • Hands-on experience with OSINT tools and methodologies, including link analysis and dark web research.
  • Proven ability to work in cross-functional environments with HR, Legal, Compliance, and Cyber teams.
  • Knowledge of data classification, IP protection, and export-controlled data environments.

Responsibilities

  • Lead complex investigations involving data exfiltration, insider threat activity, and misuse of enterprise systems.
  • Validate and triage alerts from DLP, SIEM, and UEBA; reconstruct user activity and data movement to establish intent, scope, and impact.
  • Collect, preserve, and analyze digital evidence in support of investigations, ensuring chain-of-custody and legal defensibility.
  • Conduct forensic analysis of file transfers, user activity, and system artifacts.
  • Partner with Legal and HR to ensure investigations meet regulatory and evidentiary standards.
  • Leverage OSINT tools and techniques (e.g., link analysis, persona development, attribution) to identify external risk indicators and potential insider collusion.
  • Conduct proactive threat hunting to identify previously undetected insider risk activity.
  • Partner with Cybersecurity (SOC), HR, Legal, Compliance, and IT to coordinate investigative actions and response strategies.
  • Provide subject matter expertise on data exfiltration risks, investigative findings, and mitigation actions; support escalation and response for high-risk or sensitive incidents.
  • Produce clear, concise investigative reports and intelligence briefings for technical and non-technical audiences.
  • Translate complex technical findings into actionable recommendations, including risk mitigation, corrective actions, and control enhancements.
  • Support the evolution of the insider threat program through process improvements, tool optimization, and policy enhancements.

Benefits

  • Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays.
  • Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement.