Director, Embedded Threat Intelligence

Posted Yesterday
Be an Early Applicant
Hiring Remotely in United States
Remote
200K-230K Annually
Senior level
Big Data • Security • Software • Analytics • Cybersecurity
The Role
Lead embedded threat intelligence for ransomware incidents, providing real-time intelligence to incident response teams. Perform adversary profiling, malware reverse engineering, IOC extraction, covert collection from dark web sources, and produce tactical and strategic reports for technical and executive audiences to guide containment, remediation, and decision-making.
Summary Generated by Built In

Kroll CTI is seeking a highly motivated and client-focused Director, Embedded Threat Intelligence – Incident Resppnse & Ransomware Servies to support our Incident Response and Cyber Risk advisory practice. This role sits at the intersection of threat intelligence, ransomware analysis, and frontline incident response support, delivering actionable intelligence to clients facing sophisticated cyber threats.

 

As a trusted advisor, you will support global clients during high-impact ransomware incidents, providing deep intelligence on adversaries, guiding investigative efforts, and delivering strategic and tactical insights that enable informed decision-making under pressure.

 

Key Responsibilities:

Client-Facing Incident Response Support

  • Embed with Incident Response teams to provide real-time intelligence support during active ransomware incidents

  • Translate technical findings into clear, actionable recommendations for client stakeholders, including executives, legal counsel, and IT/security teams

  • Assist with attribution analysis, threat actor profiling, and understanding adversary intent

  • Contribute to client briefings, situation updates, and post-incident reporting

Ransomware Threat Intelligence & Adversary Analysis

  • Track and analyze ransomware groups, affiliates, and broader cybercriminal ecosystems

  • Develop detailed intelligence on adversary TTPs, tooling, infrastructure, and operational playbooks

  • Map attacker behavior to frameworks such as MITRE ATT&CK to support detection and response

  • Identify and assess emerging ransomware trends, targeting patterns, and sector-specific risks

Malware Analysis & Technical Investigation

  • Conduct static and dynamic malware analysis on ransomware payloads, loaders, and supporting tools

  • Reverse engineer malware to understand encryption techniques, persistence mechanisms, and command-and-control activity

  • Extract and validate IOCs and behavioral indicators to enhance detection and response efforts

  • Collaborate with digital forensics and IR teams to link malware findings to broader intrusion activity

Covert Collection & Intelligence Development

  • Conduct covert intelligence collection across restricted-access environments, including dark web forums, leak sites, and negotiation portals

  • Monitor ransomware group communications, victim disclosures, and affiliate activity

  • Provide insight into attacker motivations, timelines, and negotiation dynamics

Tactical & Strategic Reporting

  • Produce high-quality, client-ready deliverables under tight timelines, including: 

    • Incident-specific intelligence summaries

    • Ransomware group profiles and threat assessments

    • Tactical reports detailing TTPs, IOCs, and defensive recommendations

  • Tailor reporting for both technical and non-technical audiences, ensuring clarity and impact

  • Support development of thought leadership and threat landscape reporting

 

Required Qualifications:

  • Bachelor’s degree in Cybersecurity, Computer Science, Intelligence Studies, or related field (or equivalent experience)

  • 3–7+ years of experience in cyber threat intelligence, incident response, or cyber consulting

  • Strong understanding of ransomware attack lifecycles, including initial access, lateral movement, exfiltration, and extortion

  • Hands-on experience with malware analysis and reverse engineering tools (e.g., Ghidra, IDA Pro, Wireshark, sandbox environments)

  • Experience producing actionable intelligence on TTPs and IOCs

  • Proven ability to operate in high-pressure, client-facing environments

Preferred Qualifications

  • Familiarity with enterprise incident response engagements and crisis management

  • Experience with threat actor negotiation dynamics or ransomware leak site monitoring

  • Proficiency in scripting (Python, PowerShell) to support analysis and automation

  • Relevant certifications (e.g., GCTI, GCFA, GREM, CISSP)

Core Competencies

  • Strong client communication and stakeholder management skills

  • Ability to distill complex threat intelligence into clear, decision-ready insights

  • Analytical rigor and attention to detail in fast-moving environments

  • Sound judgment in handling sensitive and high-stakes incidents

  • Team-oriented mindset with ability to collaborate across technical and non-technical teams

What Success Looks Like

  • Delivering high-confidence, actionable intelligence that directly informs client response decisions

  • Enhancing the effectiveness and speed of ransomware incident containment and remediation

  • Building trusted relationships with clients during critical, high-pressure engagements

  • Contributing to the firm’s reputation as a leader in cyber incident response and threat intelligence advisory services

 

Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:

 

  • Healthcare Coverage: Comprehensive medical, dental, and vision plans.

  • Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.

  • Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.

  • Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.

  • Retirement Plans: 401(k) plans with company matching.

 

Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.

 

About Kroll 

 

Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll. 

 

In order to be considered for a position, you must formally apply via careers.kroll.com.

 

We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.

 

The current salary range for this position is $200,000 to $230,000

 

 

#DNI

 

 

Skills Required

  • Bachelor's degree in Cybersecurity, Computer Science, Intelligence Studies, or related field (or equivalent experience)
  • 3-7+ years of experience in cyber threat intelligence, incident response, or cyber consulting
  • Strong understanding of ransomware attack lifecycles (initial access, lateral movement, exfiltration, extortion)
  • Hands-on experience with malware analysis and reverse engineering tools (Ghidra, IDA Pro, Wireshark, sandbox environments)
  • Experience producing actionable intelligence on TTPs and IOCs
  • Proven ability to operate in high-pressure, client-facing environments
  • Familiarity with enterprise incident response engagements and crisis management
  • Experience with threat actor negotiation dynamics or ransomware leak site monitoring
  • Proficiency in scripting to support analysis and automation (Python, PowerShell)
  • Relevant certifications (GCTI, GCFA, GREM, CISSP)

Kroll Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Kroll and has not been reviewed or approved by Kroll.

  • Healthcare Strength Medical, dental, and vision coverage with HSA/FSA options are part of the U.S. package, alongside life and AD&D. Breadth across core health benefits is positioned as competitive for a large advisory firm.
  • Retirement Support A 401(k) plan with company match is a core element of the package. Retirement support is consistently highlighted as competitive within total rewards.
  • Leave & Time Off Breadth Paid holidays, sick leave, and PTO are included, with generous time off and parental/family leave for U.S. roles. Some roles also offer hybrid/WFH flexibility that complements time-off usability.

Kroll Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: New York, NY
5,001 Employees
Year Founded: 1932

What We Do

Kroll is the world’s premier provider of services and digital products related to valuation, governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world. For more information, visit www.kroll.com.

Similar Jobs

Optum Logo Optum

Director, IT Service Management - ITSM and ITIL Governance - Remote

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office or Remote
Eden Prairie, MN, USA
160000 Employees
135K-231K Annually

Optum Logo Optum

Formulary Consulting Group Lead - Remote

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office or Remote
Irvine, CA, USA
160000 Employees
113K-193K Annually

Optum Logo Optum

Project Manager

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office or Remote
Costa Mesa, CA, USA
160000 Employees
92K-164K Annually

Optum Logo Optum

Account Manager

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office or Remote
Indianapolis, IN, USA
160000 Employees
24-55 Hourly

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account