Kroll

Director, Malware Analysis, Threat Intelligence

Kroll$200K — $240K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a relevant field or equivalent experience.
  • 5+ years in malware analysis, incident response, or related discipline.
  • Strong grasp of Windows internals and malware execution techniques.
  • Experience in both static and dynamic malware analysis.
  • Proven ability to support investigations involving malware, ransomware, or APTs.
  • Exceptional technical writing skills for diverse audiences.
  • Strong collaboration skills and stakeholder engagement.

Responsibilities

  • Develop automated malware analysis workflows and tooling.
  • Conduct advanced malware analysis including reverse engineering.
  • Support incident response with malware triage and root cause analysis.
  • Research emerging malware families and intrusion techniques.
  • Author technical research reports and threat intelligence products.
  • Partner with external MDR teams for process enhancement.
  • Mentor analysts across cyber threat intelligence and incident response.

Benefits

  • Comprehensive medical, dental, and vision insurance.
  • Generous paid time off and family leave.
  • Life insurance and disability coverage.
  • Competitive salary and performance-based rewards.
  • 401(k) plans with company matching.
Full Job Description
Job Description

Kroll is seeking an experienced and innovative Malware Analysis Director to build and advance our malware analysis capabilities in support of our global Incident Response (IR), Managed Detection and Response (MDR), and Cyber Threat Intelligence (CTI) practices. This role will be responsible for developing automated malware analysis workflows and tooling that empower frontline responders, conducting deep technical investigations into sophisticated malware campaigns, and producing actionable intelligence that helps clients understand and mitigate evolving cyber threats.

The successful candidate will serve as a technical leader and trusted advisor, partnering closely with Incident Response consultants, Threat Intelligence analysts, CrowdStrike and BlueVoyant MDR teams, and other cyber specialists to improve Kroll's ability to identify, analyze, and respond to advanced malware threats. This individual will also contribute to Kroll's thought leadership efforts through technical blogs, research reports, threat advisories, and client-facing intelligence products.

This is a unique opportunity to shape the strategic direction of malware analysis within Kroll, develop new client-facing capabilities, and drive innovation across the cyber risk organization.

Key Responsibilities:
  • Develop and maintain automated malware analysis workflows, tooling, and enrichment capabilities to accelerate incident investigations.
  • Perform advanced static and dynamic malware analysis, reverse engineering, and behavioral analysis of malware affecting clients.
  • Support global Incident Response engagements through malware triage, root cause analysis, attribution support, and threat actor investigations.
  • Research emerging malware families, intrusion techniques, and threat actor tradecraft.
  • Author technical research reports, threat intelligence products, blogs, and client advisories.
  • Partner with CrowdStrike and BlueVoyant MDR teams to develop malware analysis processes that enhance managed detection and response services.
  • Provide technical mentorship and guidance to analysts across CTI, MDR, and Incident Response teams.
  • Develop detection opportunities, indicators of compromise (IOCs), and analytical methodologies based on malware findings.
  • Collaborate with internal malware analysis practitioners and external industry peers to establish best practices and improve investigative capabilities.
  • Evaluate and implement new technologies, sandboxes, automation platforms, and AI-enhanced analytical workflows to improve operational efficiency.
  • Contribute to the development of new cyber intelligence and malware-focused service offerings.


Required Qualifications:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field, or equivalent practical experience.
  • 5+ years of experience in malware analysis, reverse engineering, digital forensics, incident response, threat intelligence, or a related cybersecurity discipline.
  • Strong understanding of Windows internals and common malware execution techniques.
  • Experience performing static and dynamic malware analysis in enterprise environments.
  • Experience supporting Incident Response investigations involving malware, ransomware, or advanced persistent threats (APTs).
  • Strong technical writing skills with the ability to communicate complex findings to both technical and executive audiences.
  • Experience creating actionable intelligence products, technical reports, and client deliverables.
  • Ability to independently conduct research and solve complex technical challenges.
  • Strong collaboration and stakeholder engagement skills.


Preferred Technical Skills

Malware Analysis & Reverse Engineering
  • Proficiency with:
    • IDA Pro
    • Ghidra
    • Rust
    • x64dbg
    • WinDbg
    • Binary Ninja
    • Cutter/Rizin
  • Experience analyzing:
    • Ransomware
    • Loaders and downloaders
    • Info-stealers
    • Banking trojans
    • Linux malware
    • Web shells
    • Nation-state malware
    • Advanced persistent threat toolsets

Programming & Automation
  • Strong scripting and development skills in:
    • Python
    • PowerShell
    • C#
    • JavaScript
    • Go (preferred)
  • Experience building automated analysis pipelines and malware triage workflows.
  • Familiarity with API integrations and workflow orchestration.

Threat Intelligence & Detection
  • Knowledge of:
    • MITRE ATT&CK
    • YARA
    • Sigma
    • STIX/TAXII
    • IOC management
  • Experience creating:
    • Detection content
    • YARA rules
    • Behavioral signatures
    • Threat hunting methodologies

Security Platforms
  • Experience working with:
    • CrowdStrike Falcon
    • Microsoft Defender
    • SentinelOne
    • BlueVoyant MDR
    • Splunk
    • Microsoft Sentinel
    • Elastic
    • Mandiant Advantage or similar threat intelligence platforms

Cloud & Enterprise Technologies
  • Familiarity with:
    • AWS
    • Azure
    • Google Cloud Platform
    • Active Directory
    • Entra ID
    • Microsoft 365
    • Enterprise network architectures

Preferred Certifications
  • GREM (GIAC Reverse Engineering Malware)
  • GCFA (GIAC Certified Forensic Analyst)
  • GCTI (GIAC Cyber Threat Intelligence)
  • GCIA (GIAC Certified Intrusion Analyst)
  • CISSP
  • CARTP, CRTO, or equivalent offensive security certifications
  • Relevant CrowdStrike certifications

What Success Looks Like

Within the first 12-18 months, the successful candidate will have:
  • Established automated malware analysis capabilities that measurably improve Incident Response efficiency.
  • Built repeatable processes to support malware investigations across CTI, IR, and MDR teams.
  • Produced impactful malware research and thought leadership content that enhances Kroll's market reputation.
  • Improved support for clients leveraging CrowdStrike and BlueVoyant MDR services.
  • Developed new analytical capabilities that increase visibility into sophisticated malware threats and drive better client outcomes.
  • Become the technical focal point for malware-related investigations across Kroll's cyber risk business.


Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:

  • Healthcare Coverage: Comprehensive medical, dental, and vision plans.
  • Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
  • Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
  • Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
  • Retirement Plans: 401(k) plans with company matching.


Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.

In order to be considered for a position, you must formally apply via careers.kroll.com.

The current salary range for this position is $200,000 to $240,000

#DNI

About Kroll

Kroll is a corporate investigations and risk consulting firm headquartered in New York City. Established in 1972, Kroll has nearly 5,000 employees in 30 countries and territories. The current CEO is Jacob Silverman.
Learn more about Kroll
Industry
Founded
1972

Similar Jobs

More Jobs at Kroll

More Information Technology Jobs

Find similar Director, Malware Analysis, Threat Intelligence jobs: