Cyber Threat Intelligence - Technical Analysis and Investigations Lead – VP
Listed on 2026-06-13
IT/Tech
Cybersecurity
We’re seeking a Cyber Threat Intelligence – Technical Analysis and Investigations Lead in Technology to lead technical threat investigations, track sophisticated adversaries, and operationalize technical intelligence for detection and response.
In the Technology division, we leverage innovation to build the connections and capabilities that empower our clients and colleagues.
Responsibilities
- Lead proactive threat hunts and advanced discovery to identify adversary campaigns, capabilities, infrastructure, and targets using internal collection, OSINT, and vendor intelligence. Research and track advanced threat actors and malware, maintaining deep technical understanding of adversary TTPs and tradecraft.
- Author high‑impact technical threat intelligence products and reports tailored to both operational teams and senior stakeholders.
- Develop and advance investigative tradecraft, analytic techniques, and automation to improve speed, repeatability, and fidelity of analytic workflows (including Python‑based analytics). Enrich, triage, and characterize threat insights and indicators by leveraging open‑source and commercial tooling, and curate high‑fidelity IOCs for operational use.
- Partner with threat hunting and security response teams to translate technical intelligence into detection opportunities, mitigations, and control validation activities.
- Maintain and curate threat profiles aligned to areas of responsibility, producing actionable technical intelligence for proactive detection and discovery.
- Minimum 5 years of experience in cyber threat intelligence, cyber discovery, or cybersecurity investigations, with a track record leading both teams and technical investigations and producing actionable outcomes.
- Expertise in tracking advanced threat actors and malware using frameworks such as MITRE ATT&CK and/or the Diamond Model to characterize campaigns, capabilities, and infrastructure.
- Proficiency in Python and scripting to automate investigative workflows and develop analytics (e.g., Jupyter notebooks).
- Experience with large‑scale data analysis and security telemetry tooling to identify patterns, quantify trends, and support analytic judgments.
- Experience with SIEM platforms and interpreting network/endpoint logs to progress investigations from hypothesis to evidence‑based conclusions.
- Ability to communicate clearly across technical and non‑technical audiences, including writing technical reporting and briefing investigative judgments and mitigations.
- GIAC GCTI, CISSP, CASP certifications.
Salary range for the position: $135,000 to $190,000 per year. The successful candidate may be eligible for an annual discretionary incentive compensation award and participation in the relevant business unit’s incentive compensation plan.
Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents. Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences.
For more information, please visit