SpyCloud collects recaptured breach data, malware-exfiltrated credentials, session cookies, and commercially available information at scale. The Investigations team turns that data into investigative reports and analytical products -- attribution packages, infrastructure assessments, identity exposure reports, and analytical support for government and enterprise customers.
This is a customer-facing role supporting government and IC-aligned customers across a range of national security mission areas. The analyst will conduct original investigations, respond to requests for information, deliver training and capability demonstrations to cleared personnel, and develop AI-assisted analytical workflows using SpyCloud's platform and tooling.
What You'll Do:- Investigations
- Conduct all-source investigations using breach data, malware-exfiltrated logs, OSINT, and commercially available information to attribute threat actors, map adversary infrastructure, and assess identity and credential exposure.
- Respond to requests for information from government and program stakeholders, producing analytical reports and investigation packages on short timelines.
- Analyze infostealer log files to extract credential exposure, behavioral indicators, and infrastructure intelligence relevant to ongoing analytical requirements.
- Pivot across SpyCloud data using the Investigations Portal, API, and Python-based notebooks to develop leads and close attribution gaps.
- AI-Assisted Analysis
- Integrate large language models and AI tooling into investigative workflows -- building prompts, synthesizing multi-source data, and validating outputs against primary evidence.
- Develop and document reusable analytical workflows, prompt libraries, and notebook-based processes that improve team throughput and consistency.
- Stay current on emerging AI capabilities relevant to OSINT, CAI analysis, and analytical production.
- Training and Customer Support
- Deliver product training and live capability demonstrations to cleared government personnel, tailoring content to the analytical mission and maturity of each audience.
- Build scenario-based training materials and leave-behind products drawn from real investigation findings.
- Support onboarding of new customers and users, helping them connect SpyCloud capabilities to their specific analytical requirements.
- Reporting and Coordination
- Track RFI fulfillment, investigative outcomes, and analyst credit usage, reporting results to SpyCloud leadership.
- Represent SpyCloud at relevant community events, conferences, and working groups as needed.
Requirements:- Education
- Bachelor's degree in intelligence studies, computer science, cybersecurity, international relations, criminal justice, or a related field -- or five or more years of equivalent professional experience in lieu of a degree.
- Clearance
- Active TS/SCI required.
- Preferred background: Department of Defense, Defense Intelligence Agency, Central Intelligence Agency, or affiliate of the Intelligence Community.
- Experience
- Five or more years in an all-source, OSINT, or CAI analytical role within a government, defense, or IC-aligned environment.
- Demonstrated experience supporting RFI pipelines and delivering analytical reports to operational or program stakeholders.
- Prior experience delivering training or capability demonstrations to cleared analytical audiences.
- Familiarity with adversary TTPs across one or more threat areas: cyber operations, foreign procurement, critical infrastructure, influence operations, or illicit finance.
- Technical Skills
- Proficient in OSINT collection and CAI analysis: domain research, identity resolution, infrastructure mapping, and entity attribution.
- Practical experience incorporating AI and large language models into analytical work, including prompt development and output validation.
- Comfortable working with REST APIs and scripted data queries; Python preferred.
- Familiarity with commercial investigative platforms and ability to adapt them to new data sources and mission requirements.
- Familiarity with adversary analysis frameworks -- including MITRE ATT&CK, the Cyber Kill Chain, and the Diamond Model -- as contextual tools for structuring and communicating investigation findings.
- Working knowledge of structured analytic techniques (SATs) for evaluating evidence, surfacing assumptions, and reducing analytical bias.
- Communication
- Writes clear, well-structured analytical reports: BLUF-first, properly sourced, readable by both analysts and senior leaders.
- Confident briefing cleared program managers, unit leadership, or senior officials on investigation findings.
- Organized and self-directed; able to manage concurrent workstreams without close supervision.
- Travel
- Up to 25% travel required to support customer sites, training engagements, and community events.
Nice to Have:- Foreign language proficiency in Russian, Mandarin, Farsi, Korean, or Spanish.
- Experience with cryptocurrency tracing or illicit finance analysis.
- Prior speaking engagements at intelligence or cybersecurity conferences or working groups.
Base Salary Range: $120,000 - $180,000
The salary range reflects the expected base compensation for a fully qualified candidate at this level based on experience, qualifications, and market data at the time of posting.
U.S.-Based Benefits + Perks (for Full Time Employees):At SpyCloud, we are committed to working alongside individuals who are equally passionate about preventing cybercrime, regardless of their department or role. Guided by our core values in all business decisions, we prioritize unity in our mission and ensure all SpyCloud employees have the support and benefits they need to stay focused on our goals. In addition to our engaging workspace in South Austin, flexible and remote-friendly work options, and competitive salary package, we offer our employees a comprehensive benefits package that includes:
- 401(k) with Employer Contribution
- Health, Vision, and Dental Insurance
- Health Savings Account (HSA) available with Employer Contribution
- Employer Paid Life, Short-term, and Long-term Disability Insurance
- Generous PTO Plan and 16 paid holidays per year
U.K.-Based Benefits + Perks (for Full Time Employees):- Retirement Savings Plan with Employer Contribution
- Employer Provided Private Health Insurance and Healthcare Cashplan
- Employer Paid Life Insurance and Income Replacement
- Generous Holiday Plan and 14 paid holidays per year
