Location: Washington, DC, United States

This is a senior, highly technical role within CRAFT, built for complex problem-solving beyond standard operational procedures . You will work across stealthy, long-dwell intrusion patterns and advanced tradecraft including credential abuse, supply chain targeting, living-off-the-land techniques, custom malware, infrastructure obfuscation, and exploitation of emerging vulnerabilities, including potential AI-augmented attacker behavior. Success looks like faster, higher-confidence investigative outcomes, stronger detections, and reduced dependency on ad hoc support from already constrained operational teams.

Hands-on technical research and analysis of cyber espionage activity, including APT TTPs, adversary infrastructure, and intrusion lifecycle behaviors, and you will translate technical detail into clear, actionable guidance for operational response.

You will augment CyberOps during high-priority incidents by providing rapid investigation support, hypothesis-driven analysis, and durable outputs such as detection logic, enrichment, and incident-ready playbook improvements.

You will build practical technical solutions like scripts, automation, enrichment tools, detection prototypes, and AI-assisted analysis workflows, that shorten time-to-answer and raise consistency across investigations .

You will drive deeper research into nation-state threats, emerging vulnerabilities, supplier risk, AI-enabled threat activity, and targeted campaigns relevant to the firm, producing outputs that directly inform operational readiness and prioritization.

You will bridge intelligence, attack analysis, vulnerability management, and supplier threat response by enabling two-way collaboration across CyberOps

Required Qualifications:

Over 20+ years of conducting technical intrusion analysis and cyber threat research focused on sophisticated adversaries (espionage-aligned tradecraft).

Demonstrated ability to produce operationally useful outcomes: detections, enrichment, triage improvements, and clear technical write-ups that drive action.

Strong understanding of attacker behaviors across credential misuse, persistence, lateral movement, data staging, covert exfiltration, and stealth techniques .

Proven capability to build and maintain lightweight automation to support investigations (scripts, parsers, enrichment utilities, workflow tooling).

Strong judgment handling sensitive information and operating within controlled security and risk constraints.

CRAFT (Cyber Research and Analysis Fusion Team) is seeking a high-impact technical specialist to accelerate our ability to detect, investigate, and respond to high skilled threat actor activity targeting the financial sector. The role focuses on hands-on threat research, adversary tradecraft analysis, and rapid technical support during high-priority incidents, with a strong emphasis on turning findings into practical outcomes for our cyber security operations. A core expectation is the ability to evaluate and responsibly apply frontier AI models to improve research velocity, detection quality, and investigative efficiency without compromising security.