✦ Luna Orbit — Cybersecurity

Cyber Threat Intelligence - Technical Analysis and Investigations Lead - VP

at Morgan Stanley

📍 Baltimore, Maryland, United States of America (Unknown)
Posted April 15, 2026
Type Full-Time
Experience executive
Exp. Years Minimum 5 years
Education Not specified
Category Cybersecurity

Lead cyber threat intelligence technical analysis and investigations, driving threat hunts and translating intelligence into detection and response improvements. Author high-impact threat intelligence products and automate analytic workflows to increase speed and fidelity.

  • Lead proactive threat hunts and advanced discovery
  • Track advanced threat actors and malware using MITRE ATT&CK and/or the Diamond Model
  • Author high-impact technical threat intelligence products and reports
  • Develop investigative tradecraft and automate analytic workflows using Python-based analytics and Jupyter notebooks
  • Enrich and curate high-fidelity IOCs and translate intelligence into detection opportunities and mitigations

Responsibilities include tracking adversary campaigns and malware using MITRE ATT&CK and/or the Diamond Model, enriching and curating high-fidelity IOCs, and partnering with threat hunting and security response teams. Uses Python-based analytics with scripting and Jupyter notebooks, leverages security telemetry tooling and SIEM platforms, and operationalizes intelligence for detection opportunities, mitigations, and control validation.

The ideal candidate is a VP-level cyber threat intelligence leader with 5+ years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations. They lead proactive threat hunts and advanced discovery, tracking advanced threat actors and malware using MITRE ATT&CK and/or the Diamond Model. They are proficient in Python with scripting and analytics (including Jupyter notebooks) to automate investigative workflows, enrich and curate high-fidelity IOCs, and translate intelligence into detection and response outcomes using SIEM platforms.

Requirements:

  • Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations
  • Lead proactive threat hunts and advanced discovery
  • Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK
  • Expertise in tracking advanced threat actors and malware using frameworks such as the Diamond Model
  • Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g. Jupyter notebooks)
  • Experience with large-scale data analysis and security telemetry tooling
  • Experience with SIEM platforms

Tools: SIEM platforms, MITRE ATT&CK, Diamond Model, Jupyter notebooks

Keywords: cyber threat intelligence, technical threat investigations, threat hunts, advanced discovery, adversary campaigns, OSINT, vendor intelligence, threat actors, threat actor tracking, malware, malware analysis, adversary TTPs and tradecraft, technical threat intelligence products and reports, investigative tradecraft, analytic techniques, automation of analytic workflows, Python-based analytics, Python, scripting, Jupyter notebooks, security telemetry tooling, SIEM platforms, MITRE ATT&CK, Diamond Model, indicators of compromise (IOCs), IOC curation, open-source tooling, commercial tooling, threat profiling, detection and response, security response teams, detection opportunities, mitigations, control validation activities, large-scale data analysis, security analytics judgments

Responsibilities: lead technical threat investigations; author high-impact products and reports; tailor communications to operational teams and senior stakeholders; partner with threat hunting and security response teams; translate technical intelligence into detection opportunities; maintain deep technical understanding
Industry Banking
Job Function Operate and lead technical cyber threat intelligence investigations and analytics for detection and response
Role Subtype Security Engineer
Tech Domains Cybersecurity, Python
Tags: Cyber Threat Intelligence, Technical Analysis and Investigations Lead, VP, cyber threat intelligence, technical threat investigations, threat hunts, advanced discovery, adversary campaigns, infrastructure, targets, OSINT, vendor intelligence, threat actors, malware, TTPs, tradecraft, technical threat intelligence products and reports, investigative tradecraft, analytic techniques, automation, Python-based analytics, Python, scripting, Jupyter notebooks, IOCs, open-source tooling, commercial tooling, MITRE ATT&CK, Diamond Model, SIEM platforms

Must-have qualifications:

  • Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations
  • Proficiency in Python and scripting for investigative automation (e.g., Jupyter notebooks)
  • Expertise using MITRE ATT&CK and/or the Diamond Model
