Cyber Intelligence Director

JPMorgan Chase · Banking · Washington, DC +1 · Corporate Sector

This role focuses on cyber intelligence and threat research, analyzing sophisticated adversary TTPs and developing practical technical solutions to improve investigative outcomes and detections. While it mentions AI-augmented attacker behavior and AI-assisted workflows, the core function is cyber defense and threat analysis, not direct AI/ML model development.

What you'd actually do

Hands-on technical research and analysis of cyber espionage activity, including APT TTPs, adversary infrastructure, and intrusion lifecycle behaviors, and you will translate technical detail into clear, actionable guidance for operational response.
You will augment CyberOps during high-priority incidents by providing rapid investigation support, hypothesis-driven analysis, and durable outputs such as detection logic, enrichment, and incident-ready playbook improvements.
You will build practical technical solutions like scripts, automation, enrichment tools, detection prototypes, and AI-assisted analysis workflows, that shorten time-to-answer and raise consistency across investigations .
You will drive deeper research into nation-state threats, emerging vulnerabilities, supplier risk, AI-enabled threat activity, and targeted campaigns relevant to the firm, producing outputs that directly inform operational readiness and prioritization.

Skills

Required

technical intrusion analysis
cyber threat research
sophisticated adversaries
espionage-aligned tradecraft
operationally useful outcomes
detections
enrichment
triage improvements
clear technical write-ups
attacker behaviors
credential misuse
persistence
lateral movement
data staging
covert exfiltration
stealth techniques
build and maintain lightweight automation
scripts
parsers
enrichment utilities
workflow tooling

Nice to have

AI-augmented attacker behavior
AI-assisted analysis workflows
AI-enabled threat activity

What the JD emphasized

Over 20+ years of conducting technical intrusion analysis and cyber threat research focused on sophisticated adversaries (espionage-aligned tradecraft).
Demonstrated ability to produce operationally useful outcomes: detections, enrichment, triage improvements, and clear technical write-ups that drive action.
Strong understanding of attacker behaviors across credential misuse, persistence, lateral movement, data staging, covert exfiltration, and stealth techniques .
Proven capability to build and maintain lightweight automation to support investigations (scripts, parsers, enrichment utilities, workflow tooling).

Read full job description

This is a senior, highly technical role within CRAFT, built for complex problem-solving beyond standard operational procedures . You will work across stealthy, long-dwell intrusion patterns and advanced tradecraft including credential abuse, supply chain targeting, living-off-the-land techniques, custom malware, infrastructure obfuscation, and exploitation of emerging vulnerabilities, including potential AI-augmented attacker behavior. Success looks like faster, higher-confidence investigative outcomes, stronger detections, and reduced dependency on ad hoc support from already constrained operational teams.

Hands-on technical research and analysis of cyber espionage activity, including APT TTPs, adversary infrastructure, and intrusion lifecycle behaviors, and you will translate technical detail into clear, actionable guidance for operational response.

You will augment CyberOps during high-priority incidents by providing rapid investigation support, hypothesis-driven analysis, and durable outputs such as detection logic, enrichment, and incident-ready playbook improvements.

You will build practical technical solutions like scripts, automation, enrichment tools, detection prototypes, and AI-assisted analysis workflows, that shorten time-to-answer and raise consistency across investigations .

You will drive deeper research into nation-state threats, emerging vulnerabilities, supplier risk, AI-enabled threat activity, and targeted campaigns relevant to the firm, producing outputs that directly inform operational readiness and prioritization.

You will bridge intelligence, attack analysis, vulnerability management, and supplier threat response by enabling two-way collaboration across CyberOps

Required Qualifications:

Over 20+ years of conducting technical intrusion analysis and cyber threat research focused on sophisticated adversaries (espionage-aligned tradecraft).

Demonstrated ability to produce operationally useful outcomes: detections, enrichment, triage improvements, and clear technical write-ups that drive action.

Strong understanding of attacker behaviors across credential misuse, persistence, lateral movement, data staging, covert exfiltration, and stealth techniques .

Proven capability to build and maintain lightweight automation to support investigations (scripts, parsers, enrichment utilities, workflow tooling).

Strong judgment handling sensitive information and operating within controlled security and risk constraints.