We're seeking someone to join our team as a Cyber Threat Intelligence - Technical Analysis and Investigations Lead in Technology to lead technical threat investigations, track sophisticated adversaries, and operationalize technical intelligence for detection and response.
This is a Cyber Security Engineering position at VP which is part of the job family responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities.
What you'll do in the role:- Lead proactive threat hunts and advanced discovery to identify adversary campaigns, capabilities, infrastructure, and targets using internal collection, OSINT, and vendor intelligence.
Research and track advanced threat actors and malware, maintaining deep technical understanding of adversary TTPs and tradecraft. - Author high-impact technical threat intelligence products and reports tailored to both operational teams and senior stakeholders.
- Develop and advance investigative tradecraft, analytic techniques, and automation to improve speed, repeatability, and fidelity of analytic workflows (including Python-based analytics).
Enrich, triage, and characterize threat insights and indicators by leveraging open-source and commercial tooling, and curate high-fidelity IOCs for operational use. - Partner with threat hunting and security response teams to translate technical intelligence into detection opportunities, mitigations, and control validation activities.
- Maintain and curate threat profiles aligned to areas of responsibility, producing actionable technical intelligence for proactive detection and discovery. {D Part 2: Scope of Role What you'll bring pre-set content based on tier framework + role-specific bullets
What you'll bring to the role: - Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations, with a track record leading both teams and technical investigations and producing actionable outcomes.
- Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK and/or the Diamond Model to characterize campaigns, capabilities, and infrastructure.
-Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g., Jupyter notebooks). - Experience with large-scale data analysis and security telemetry tooling to identify patterns, quantify trends, and support analytic judgments.
- Experience with SIEM platforms and interpreting network/endpoint logs to progress investigations from hypothesis to evidence-based conclusions.
- Ability to communicate clearly across technical and non-technical audiences, including writing technical reporting and briefing investigative judgments and mitigations.
Nice to have : GIAC GCTI, CISSP, CASP certifications
Salary range for the position: 135,000 and 190,000 per year. The successful candidate may be eligible for an annual discretionary incentive compensation award. The successful candidate may be eligible to participate in the relevant business unit's incentive compensation plan, which also may include a discretionary bonus component. Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.