Associate Director, Threat Intelligence

SUMMARY

The Associate Director, Threat Intelligence (CTI) is a self-driven cybersecurity leader responsible for managing a team of analysts and delivering high-quality, actionable intelligence to reduce risk and strengthen the security posture of clients. As a Subject Matter Expert (SME), this role collaborates with stakeholders to identify intelligence needs, analyze complex cyber threats, and guide the development of intelligence-driven strategies for threat detection, prevention, and response. The position demands strong analytical capabilities, deep technical expertise in CTI, DFIR, and the Dark Web, and the ability to clearly communicate insights to diverse audiences, including senior executives.

In addition to overseeing day-to-day team operations, the Associate Director mentors team members, ensures the consistent quality of intelligence products, and fosters a collaborative, high-performance environment. During client engagements, they work closely with internal experts and client stakeholders to deliver strategic guidance, reporting, and consultation. This role also involves building trusted relationships with clients and their legal counsel, maintaining situational awareness through data analysis, and providing leadership support during high-priority or after-hours incidents.

ROLES & RESPONSIBILITIES  

• Manages Arete’s global team of cyber intelligence analysts, ensuring they meet or exceed SLA targets, adhere to KPIs, and deliver high-quality intelligence products
• Oversees quality of attribution and is responsible for pivoting training program
• Oversees production of annual and quarterly Crimeware reports, ad hoc blogs, and client-specific deliverables demonstrating Arete’s intelligence capabilities and expertise
• Contributes to the enhancement of existing CTI products, services, and processes, and/or creation of new ones to generate additional revenue
• Oversees a multi-team process gathering extensive information on cybercrime actors and actively correlating that information to drive response actions
• Works with stakeholders to determine cyber threat intelligence needs and requirements and identify the most effective methods for fulfilling them
• Conducts extensive research into current threat activity; analyzing the origins, pathways, and methodologies of malicious cyber activities to attribute, model and predict future intrusions and threats
• Evaluates current and emerging tools and best practices for tracking cyber-crime and advanced persistent threats to improve automation, data analysis, intelligence sharing and service offerings
• Produces materials, written products, and graphics related to tactical, operational, and strategic intelligence about threat groups, the methodologies they use, and the motivations behind their activity and briefs them to technical and non-technical audiences
• Supports the countermeasures development team highlighting indicators of threat activity for the creation of detection mechanisms and identifying gaps in the threat detection technology
• Engages with external entities, such as industry sharing groups, government agencies, and intelligence communities, to exchange information and collaborate on threat intelligence initiatives
• Acts as main point of contact for CTI-related matters, capturing client expectations, ensuring alignment throughout engagements, and delivering final reports that meet objectives of client and counsel
• Provides coaching and guidance to junior analysts and other team members; sets clear expectations, appraises performance, and supports career development and growth
• Fosters a collaborative and inclusive culture where top talent thrives; promotes accountability, professional growth, and shared success across teams
• Oversees recruitment, hiring, onboarding and retention of high-caliber employees
• Monitors team performance, offers guidance and feedback as needed to ensure long-term success of the CTI team
• Performs other duties as assigned by management

SKILLS AND KNOWLEDGE  

• Holds comprehensive knowledge in CTI, Dark Web, and is familiar with malware reverse engineering or countermeasure development
• Strong background and practical hands-on experience with Cyber Threat Intelligence concepts, including expert-level knowledge of attribution and pivoting for investigations
• Ability to work effectively and independently in a fast-paced, dynamic environment and prioritize tasks to meet deadlines
• Knowledge of intrusion analysis models and frameworks like the Cyber Kill Chain, Diamond Model, and MITRE ATT&CK, and structured analytic techniques like Analysis of Competing Hypotheses (ACH)
• Knowledge of different cybercrime and state-sponsored threat actor groups, and their TTPs
• Knowledge of artificial intelligence applications with threat intelligence, with a special emphasis on predictive intelligence
• Knowledge of, or experience with, ransom negotiations
• Strong written and verbal communication skills, with the ability to present technical information to both technical and non-technical stakeholders
• Ability to work in a minimal supervision environment maintaining high quality analytical production and excellent relationship with stakeholders
• Demonstrated ability to manage relationships with stakeholders

Adaptable and willing to learn new technologies

JOB REQUIREMENTS

• Bachelor's degree and 10+ years related experience in Cyber Threat Intelligence or Master's degree in Cybersecurity, Intelligence Studies, Political Science, Information Assurance, or related field with a minimum of 8 years of experience in Cyber Threat Intelligence or Doctorate and 6+ years related experience
• Experience taking non-traditional and creative approaches to solving problems and having the ability to quickly adapt as needed
• Experience using threat intelligence platforms and standards such as ThreatConnect, MISP, STIX/TAXII
• Experience operating in an autonomous manner, handling the delivery of projects and work products with minimal oversight

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. 

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

• No physical exertion required
• Travel within or outside of the state
• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA OVERTIME CATEGORY

Job is exempt from the overtime provisions of the Fair Labor Standards Act

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
 
 
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.