דרושים » בכירים » VP Maritime Intelligence Operations

The Cyber Threat Intelligence Hunter will sit within Unit 42 Managed Threat Hunting and support proactive, intelligence-led hunting across customer environments. This role combines hands-on threat hunting with cyber threat intelligence analysis, helping multinational organizations stay one step ahead of adversaries and cyber threats.
Key Responsibilities
Analyze public and private threat intelligence, Unit 42 research, adversary campaigns, malware activity, infrastructure, indicators, and TTPs.
Translate threat intelligence into actionable hunting hypotheses, investigation workflows, hunting queries, and customer-facing findings.
Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting.
Investigate scheduled hunt detections and compose clear, professional reports when relevant.
Investigate hunting leads based on IOCs, threat intelligence, internal detections, customer telemetry, and emerging adversary behaviors.
Monitor the threat landscape and prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation and hunting.
Collaborate with threat hunters, detection engineers, incident responders, MDR, and Unit 42 researchers to operationalize intelligence quickly and effectively.
Escalate major, unclear, or high-impact security events to the Threat Hunting leadership team when necessary.
Provide ongoing feedback on findings, hunting reports, queries, intelligence workflows, and operational processes to support continuous improvement.

The Cortex Threat Intelligence team is responsible for maintaining an up-to-date overview of the ever-changing threat landscape and its effects on the Cortex product suite. This includes the collection, analysis, and dissemination of technical threat intelligence from multiple internal and external sources. As part of this role, you will identify detection opportunities, automate threat intelligence processes, and develop tools and methodologies to increase team productivity. our company's Cortex XDR is a market-leading platform with an almost unparalleled telemetry data lake. Our team is deeply data-driven; it is the ideal environment for analysts who are enthusiastic about data mining, tracking threat actors, and deconstructing complex cyberattacks.
Key Responsibilities
Monitor the global threat landscape using diverse sources to proactively identify potential coverage gaps and improve Cortex XDRs defensive posture.
Perform in-depth research into cyberattack techniques to provide actionable insights and suggestions for improving product capabilities.
Leverage our company's telemetry datasets to identify emerging attack patterns and hunt for novel threats.
Design and propose robust detection logic across multiple operating systems (Windows, macOS, Linux).
Partner with cross-functional teams within our company to communicate findings and co-develop security enhancements.
Transform technical intelligence into high-impact deliverables, including customer-facing reports, research articles for the company blog, or presentations at international security conferences.

Naval Intelligence / Think tanks & OSINT NGOs / Maritime Fusion & Security institutes / International Relations background

Proven experience in analyzing and visualizing research insights including analysis of GEOINT/OSINT/ADINT/ELINT etc. data



Responsibilities

Develop and deliver reports by analyzing data via the Windward platform, as well as with relevant open-source research tools
Provide insights from data analysis to support decision-making processes
Ensure and incorporate feedback to improve and maintain data quality
Seek to improve processes to exceed customer expectations
Provides clear documentation for all relevant processes when necessary

As the Senior Knowledge Engineer, you will be the designer of a system that treats global infrastructure as a formal graph, where every node and edge is traced back to a versioned source of truth. This role is a part of the Product CTO organisation that includes a team of Technical Strategy leaders that bring outstanding ideas, the ability to execute cross functionally, and teamwork to a strategic, high future impact organisation.

The Vision:

The security industry is drowning in observed symptoms while starving for attestable truth. At CrowdStrike, we are building a high integrity infrastructure fabric - a platform that doesnt just scan for risks, but proves them through a deterministic digital twin of the enterprise.

The Challenge Youll Solve: How do you build a robust extensible framework that can connect to hundreds of different APIs, from mainstream cloud providers to niche security tools? How do you write the code that can parse and normalise their widely different schemas and data formats, and then efficiently map them into a canonical graph model? This is your build.

What You'll Do:
Build our Universal Translator Framework: You will be the primary builder of our data ingestion and semantic transformation pipelines. You will design and implement the core framework and specific connectors to parse API schemas and transform raw data into our canonical model.

Architect the Knowledge Construction Engine: You will implement the systems that turn data into knowledge. This includes building the code generators that compile our team's high level mapping configurations into low level artifacts, and developing the software for our entity resolution engine to fuse disparate data into unified conceptual entities.

Data Quality & Validation Strategy: You will contribute to a multi-backend graph architecture optimized for both real time temporal state and deep multihop path analysis.

Work Crossfunctionally: Work closely with the Principal Ontologist, Asset Platform, Risk Platform, Ingest, and Design Teams.

Lead, Mentor, and Align: Guide a diverse team of engineers, taxonomists, and subject matter experts in distilling vendor specific noise into a unified topography of risk.

Provide support to the wider CTO organization including the Falcon Fund, Privacy & Cyber Policy, Data Science and Detection Architecture teams, as well as the broader CrowdStrike organization as needed.

Work with industry analysts to provide product updates, briefings, and demonstrations.

As a Senior Threat Intelligence Researcher, you will be responsible for tracking advanced adversaries and leveraging your deep technical expertise across attacker capabilities, infrastructure, and tactics. You will create and refine approaches to uncover and monitor active threat actors, as well as surface irregular and emerging behaviors in the broader threat landscape. The intelligence you generate will directly strengthen our companys understanding of threat actors and will inform proactive hunting, detection engineering, and defensive decision-making.
Responsibilities
Lead complex threat intelligence investigations through in-depth analysis of the global threat landscape, with a focus on advanced and state-linked actors.
Define and prioritize threat research focus areas (actors, campaigns, sectors, techniques) aligned with our companys customers and product roadmap.
Deliver actionable cyber threat intelligence and design and execute hunting campaigns using analytics, automation, and advanced AI capabilities.
Curate and maintain structured knowledge on actors, campaigns, infrastructure, and TTPs in our companys internal threat knowledge base.
Work closely with CyberAI researchers on the development of next-generation artificial cyber researchers and AI-driven analysis capabilities.

We're looking for a security practitioner who wants to go deeper than monitoring dashboards and triaging alerts. Someone who understands what good detection looks like, knows their way around a SIEM, and isn't afraid to roll up their sleeves with APIs and automation. You'll be the bridge between the security products our customers already trust and the our company platform that validates whether those products are actually doing their job.

Opportunity Highlights
Our integrations team is responsible for connecting our company with the security products that make up enterprise defense stacks worldwide - EDR and XDR platforms, SIEMs, vulnerability management tools, threat intelligence platforms, email security products, and cloud security solutions.

You'll own the full lifecycle of these integrations: building new ones, keeping existing ones healthy, and setting up realistic lab environments that mirror what our customers actually run. When something breaks in the field (or can't be reproduced internally) you'll be the one figuring it out.

You won't be doing this alone. You'll work closely with our Product, Engineering, and Security teams, and you'll have access to modern AI-powered development tools that let you move fast without sacrificing quality.

The Impact You Will Have

Design, build, and maintain integrations with leading third-party security products
Own the full lifecycle of existing integrations - maintenance, bug fixes, upgrades, and reliability improvements
Research vendor APIs, authentication flows, event schemas, and product capabilities to unlock new integrations
Translate complex security telemetry into normalized, actionable data
Build and maintain lab environments that mirror real enterprise security deployments
Reproduce field scenarios, validate detections, and troubleshoot integration behavior end-to-end
Investigate issues in customer-like environments when they can't be reproduced internally
Continuously evaluate new security technologies and identify integration opportunities
Use modern AI-driven development tools to accelerate delivery and improve quality

We are looking for a SecOps Engineer to join our Security Operations team as the technical lead for Incident Response and Cloud Security.

The team is responsible for monitoring our production and corporate environments, responding to security incidents, and continuously hardening our cloud, network, and CI/CD posture. This role is the senior technical anchor of the function: the first responder during critical incidents, the architect behind our cloud and network defenses, and a technical mentor to the rest of the team.

You will own the Incident Response practice, lead our cloud security program across CNAPP, SASE/ZTNA, and CI/CD supply-chain security, and partner with Engineering, DevOps, and Platform teams to drive security improvements at scale. Participation in an on-call rotation for critical incidents is required.

How Will You Make an Impact?

Own our SASE/ZTNA stack: policy management, network security, secure access.

Own our CNAPP platform: workload protection, posture management, vulnerability prioritization.

Own our CI/CD security platform and drive software supply-chain security across the organization.

Serve as IR Expert: first responder for critical security incidents, owning detection, containment, eradication, and recovery.

Lead post-incident root-cause analysis and drive remediation across the organization.

Build and maintain IR playbooks, runbooks, and tabletop exercises.

Partner with DevOps and Platform teams on secure-by-default cloud architecture.

Contribute to broader security architecture decisions across the security stack.

Mentor more junior engineers on the team and lead technical reviews of their work.

Act as deputy to the SecOps Team Lead on strategic initiatives.

Participate in the critical-incident on-call rotation.

As the Manager of the Rapid Response (RR) team, you will lead a group of malware analysts responsible for developing, improving, and deploying our rapid anti-malware prevention capabilities. Your team is on the front lines of statically analyzing urgent customer issues, stopping malicious activities in their tracks, and developing to halt attacks at the earliest possible stage. In this role, you will guide the teams technical direction, drive automation initiatives, and act as the critical bridge between frontline support, global research, and engineering.
Key Responsibilities
Lead, mentor, and develop a team of fast-paced malware analysts, fostering a "play to win" culture.
Oversee the daily triage, investigation, and resolution of urgent customer escalations, specifically False Positive (FP) and False Negative (FN) malware prevention events - ensuring swift and accurate mitigation.
Drive the team's automation efforts, identifying opportunities to automate routines to reduce response times and scale the team's capabilities.
Direct the analysis of emerging malware families, OS internals, and attack frameworks to ensure the team maintains an up-to-date overview of the current threat landscape.
Guide the development of rapid, high-quality prevention signatures (e.g., YARA, IPS) to enhance product coverage.
Act as the primary technical escalation point and work in close coordination with global research teams, support, engineering, and other cross-functional stakeholders.

The Fraud Lead is the principal technical authority for fraud detection and response engine. You own the professional logic that powers our product, ensuring that the "Brain" of our platform is technically cohesive, scientifically rigorous, and market-leading.
You act as a System Architect for the fraud domain, connecting the dots between Research, Data Science, and Analytics. Crucially, you serve as the primary technical consultant for our customers, helping them understand, integrate, and optimize the fraud logic that protects their environments. You work alongside a separate Product group (who defines the roadmap) and a Platform Engineering group (who builds the infrastructure).
What youll do:
Technical Domain Architecture
Logic Blueprinting: Design the end-to-end technical logic for detection features-from telemetry ingestion to real-time response actions.
Cross-Team "Glue": Ensure that Fraud Research insights are effectively operationalized by the Data Science team and surfaced correctly by the Analytics team.
Architecture Governance: Set the technical standards for how detection logic is built, ensuring it is scalable and compatible with the Platform Engineering teams infrastructure.
Customer Fronting & Technical Advisory
Technical Subject Matter Expert: Act as the lead technical consultant for high-value customers. You will lead "deep-dive" sessions with client-side engineers and fraud experts to explain our detection methodologies and data requirements.
Integration Strategy: Advise customers on how to best leverage our technical logic within their specific business contexts.
Feedback Loop: Translate complex customer technical needs and "edge case" fraud patterns back into technical requirements for the internal fraud group.
Expert Implementation
Hands-on Prototyping: Remain an expert practitioner in Python and SQL. You will prototype new detection methodologies and perform technical validation of production models.
Quality & Observability: Design the technical frameworks that ensure our detection logic remains performant and observable in live customer environments.