CrawlJobs Logo

Senior Threat Intelligence Manager

https://www.microsoft.com/ Logo

Microsoft Corporation

Location Icon

Location:
United States , Multiple Locations

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Employment contract

Salary Icon

Salary:

163000.00 - 296400.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

Microsoft Customer Success Security is looking for a Senior Threat Intelligence (TI) Manager to lead a team of threat intelligence analysts responsible for producing and delivering threat intelligence content to customers. You will work closely with internal Microsoft stakeholders, such as Engineering and the Detection and Response Team (DART), to develop finished intelligence reports with timely and relevant content. This TI team will present highly technical research and threat information to a range of customer audiences across multiple industries around the world. The intelligence reports will complement usage of Microsoft security products in proactive and reactive incident response situations. This role requires cross-team and cross-geo collaboration.

Job Responsibility:

  • Lead global team of threat intelligence analysts to: Create and track threat intelligence reports to support customers and internal stakeholders
  • Engage with internal stakeholders to ensure threat intelligence content integrates with various product and service groups within Microsoft
  • Ensure threat intelligence deliverables cover critical and time-sensitive threats, as well as creating new reports that close any identified gaps
  • Develop metrics to measure effective delivery and customer satisfaction

Requirements:

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • 3+ years people management experience

Nice to have:

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 12+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 15+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • 5+ years people management experience
  • 5+ years producing finished intelligence content on threat actors and attacker techniques including written reports, presentations, and visuals covering attribution, threat detection and hunting guidance, and remediation recommendations
  • 5+ years leading multi-disciplinary team of threat intelligence analysts leveraging incident response data
  • Proven ability to develop new threat intelligence content types, standards, and processes
  • Expertise in managing customer escalations and complex work streams with quick turnaround deliverables
  • Solid knowledge of customer requirements across a variety of industries and geos
  • Experience working with engineering resources to develop automated intelligence solutions
  • Proven track record of working across cross-functional teams including threat hunters, incident responders, and customer delivery representatives
  • Incident response or intrusion remediation experience
  • Expertise in providing dedicated finished intelligence support to customers
  • Experience developing business strategy around threat intelligence production and delivery
  • Solid oral and written communication, organization and interpersonal skills
What we offer:

Certain roles may be eligible for benefits and other compensation

Additional Information:

Job Posted:
May 04, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Microsoft Corporation - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Senior Threat Intelligence Manager

Senior Product Manager – Threat Detection

As a Product Manager – Threat Detection, you will be responsible for driving the...
Location
Location
United States
Salary
Salary:
182000.00 - 219000.00 USD / Year
https://corelight.com/ Logo
Corelight
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years in a technical support, engineering, or security research role
  • 3+ years in networking in a product or practitioner role
  • 5+ years overall experience in cybersecurity, with a focus on network security and threat detection
  • Strong understanding of network protocols, network security principles, and intrusion detection methodologies
  • Experience with Zeek (Bro) and its applications within NDR and security operations
  • Experience with network forensics, packet analysis, and network-based anomaly detection
  • Strong analytical skills, with the ability to interpret and apply threat intelligence and attack frameworks (e.g., MITRE ATT&CK)
  • Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent experience
Job Responsibility
Job Responsibility
  • Develop and maintain a cutting edge detection engineering program via collaboration with Corelight Labs Research
  • Execute the product strategy for Corelight’s threat detection capabilities
  • Research adversary tactics, emerging network threats, and novel detection methodologies to improve the effectiveness of Corelight’s NDR solutions
  • Work closely with threat researchers, SOC analysts, and detection engineers to develop high-fidelity detection logic and optimize network threat intelligence
  • Analyze network protocols and traffic patterns to identify new ways to extract valuable security-relevant insights
  • Collaborate with engineering, UX, and security research teams to develop new features and improve the usability of Corelight’s threat detection tools
  • Contribute to open-source security initiatives, representing Corelight in the broader security community and helping drive innovation
  • Act as a technical liaison between customers, security teams, and internal stakeholders to ensure Corelight remains the gold standard for network evidence collection
  • Define, prioritize, and refine product requirements for threat detection capabilities, integrations, and intelligence applications
  • Develop detection content, documentation, and best practices for leveraging Corelight’s platform in threat hunting and incident response workflows
What we offer
What we offer
  • Equity
  • Additional benefits
  • Collaborative, inclusive, and growth-oriented culture
  • AI-assisted workflows
  • Machine learning models
  • Cloud security and SaaS-based solutions
  • Geographically distributed yet connected employee base
  • Fulltime
Read More
Arrow Right

Head of cyber threat exposure and attack surface management

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ...
Location
Location
United Kingdom , Knutsford
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction
  • Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies
  • Strong understanding of attack paths, adversary emulation, and continuous validation concepts
Job Responsibility
Job Responsibility
  • Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles
  • Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture
  • Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms
  • Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies
  • Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise
  • Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions
  • Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface
  • Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions
  • Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes
  • Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Senior Acquisition Intelligence Support contractor

MAINSAIL Group is looking for an experienced Intelligence & Cyber Analyst to joi...
Location
Location
United States , Hanscom AFB
Salary
Salary:
Not provided
mainsailgroupinc.com Logo
MAINSAIL Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Top Secret/SCI Clearance and U.S. Citizenship required for all applicants
  • Bachelor’s degree and 15 years of experience in intelligence support to acquisition programs
  • Advanced knowledge of DoD, USAF, AFLCMC and private-sector acquisition principles, guidance, Executive Orders, regulations and procedures relevant to intelligence support to major Defense acquisition efforts
  • Knowledge of cyber threats and intelligence tracking and assessments of such threats, as they may impact SAOC mission areas
  • Experience supporting a range of DoD acquisition activities through various stages of the Defense Acquisition cycle
  • Possess the knowledge and mindset to play a key “forward leaning” support role as a senior contractor
  • The ability to effectively communicate in both written and verbal forms on highly technical topics
Job Responsibility
Job Responsibility
  • Contribute to and address specific SAOC program intelligence requirements while assessing the impact of technically advanced threat and security support issues to reduce program and operational risks
  • Work with SAOC Cyber team to assess cyber threats to SAOC mission areas and assist in developing solutions to such threats
  • Team with program offices, product centers, and the Intelligence Community (IC) to provide system engineering and technical analysis level inputs in support of major acquisition decisions
  • Provide acquisition intelligence technical and analytical support as outlined in annual Intel Support Taskings from AFLCMC/IN and external PEO customers
  • Review, tailor and analyze Threat Assessments relevant to the SAOC mission areas
  • Review, tailor and analyze System Threat Analysis Reports (STAR) and Validated On-Line Life-Cycle Threats (VOLTS) to the SAOC mission areas
  • Review, tailor and analyze ISR dependencies and Requirements that will support the SAOC mission areas
  • Review, tailor and analyze cross-program analyses, including external programs that impact SAOC subsystems and capabilities
  • Support technical Adversary Cyber Threat Assessments (ACTA) relevant to the SAOC mission areas
  • Support technical Intelligence supportability analyses for the SAOC mission areas
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst, Threat Hunter

Our cybersecurity and information security teams at IDEXX contribute to a more r...
Location
Location
United States , Westbrook, Maine
Salary
Salary:
120000.00 - 140000.00 USD / Year
idexx.com Logo
IDEXX
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6–10 years of experience in cybersecurity roles
  • Minimum of 3 years dedicated specifically to threat hunting or advanced incident response
  • Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field
  • Preferred certifications GCIH (GIAC Certified Incident Handler) and CompTIA CySA+ (Cybersecurity Analyst+) certification
  • Proven, hands-on experience using platform for EDR (Endpoint Detection and Response) and threat hunting
  • Expert-level knowledge of PowerShell Scripting, Python and EDR and SIEM query language is preferred
  • Deep understanding of incident response lifecycles, methodologies, and forensic techniques
  • Strong knowledge of networking protocols, operating systems (Windows, Linux, macOS), and common attack vectors
  • Familiarity with scripting languages (e.g., Python, PowerShell) for automation of hunting tasks is a plus
  • Exceptional analytical and problem-solving skills with keen attention to detail
Job Responsibility
Job Responsibility
  • Proactively hunt for indicators of compromise (IOCs) and advanced persistent threats (APTs) across the network, endpoints, and cloud environments using threat intelligence and a hypothesis-driven methodology
  • Conduct in-depth analysis of security events, network traffic, and endpoint data to identify malicious activity and potential breaches
  • Utilize the SIEM and EDR platform extensively, applying expert knowledge of the scripting, SIEM and EDR query language to perform complex searches and data analysis
  • Lead and participate in incident response activities, including containment, eradication, and recovery efforts, serving as a primary escalation point for critical security incidents
  • Develop and refine threat hunting playbooks, procedures, and detection rules to improve the security team’s efficiency and effectiveness
  • Collaborate with the security engineering and security operations center (SOC) teams to integrate new threat intelligence and enhance existing security tools and controls
  • Mentor junior analysts and contribute to the ongoing improvement of the organization's overall security posture
What we offer
What we offer
  • Opportunity for annual cash bonus
  • Health / Dental / Vision Benefits Day-One
  • 5% matching 401k
  • Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching
  • Fulltime
Read More
Arrow Right

Protective Intelligence Analyst

The Protective Intelligence Analyst is responsible for supporting the executive ...
Location
Location
United States , Austin
Salary
Salary:
95000.00 USD / Year
aus.com Logo
Allied Universal®
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A minimum of 3 years of recent protective intelligence experience supporting executive protection teams and principals, or 5+ years of equivalent military, law enforcement, or intelligence experience.
  • Bachelor’s degree in Intelligence Studies, International Relations, Homeland Security, or related field (or equivalent operational experience).
  • Formal Intelligence Training certification (Military, Government, Association, or Private Sector) required.
  • Advanced training in threat assessment, travel risk management, or protective intelligence preferred.
  • Skilled in open-source (OSINT) and social media research, threat monitoring, and incident verification.
  • Experience producing protective intelligence products—threat assessments, travel risk reports, route/residence assessments, and pre-travel advisories.
  • Ability to collect, vet, and analyze information using the intelligence cycle to create accurate, actionable, bias-mitigated reporting.
  • Strong understanding of global security, geopolitical risks, terrorism, crime, and crisis response as they relate to executive travel and operations.
  • Proven ability to support EP operations in real time, providing clear, concise, and timely threat updates to decision-makers.
  • Proficiency in Microsoft Office Suite and familiarity with protective intelligence platforms (e.g., Factal, Dataminr, Babel Street, LifeRaft, Echosec).
Job Responsibility
Job Responsibility
  • Threat Monitoring & Early Warning: Continuously monitor open sources, social media platforms, dark web, and client-specific intelligence tools for threats or hostile surveillance activity directed at principals, their families, residences, travel plans, or affiliated events.
  • Protective Research & Threat Analysis: Conduct in-depth research and analysis on persons of interest (POIs), hostile actors, and groups with the intent or capability to target principals. Assess motivations, capability, opportunity, and intent to identify potential attack indicators.
  • Travel Risk Intelligence: Provide proactive intelligence support to executive protection teams during domestic and international travel, including country risk assessments, route reconnaissance, hotel and venue security reviews, and incident monitoring during trips. Deliver timely updates to traveling principals and EP teams.
  • Protective Operations Support: Deliver actionable, real-time intelligence to EP teams in support of principal movements, protective advances, route planning, and residence/event security. Maintain constant threat environment awareness and communicate relevant changes.
  • Geopolitical & Environmental Risk Tracking: Monitor global and regional security issues, including terrorism, political unrest, crime trends, natural disasters, and health risks—that could affect principals’ safety during travel or at residences/events.
  • Actionable Reporting & Products: Produce timely, clear, and actionable intelligence products including: Threat assessments (strategic and tactical), Travel risk assessments (pre-trip and in-trip updates), Situation reports (SITREPs) and incident summaries, Route and location assessments (residences, hotels, venues, offices)
  • Threat Mitigation Recommendations: Provide practical, proportionate recommendations to EP teams on how to mitigate identified threats, risks, and vulnerabilities. Offer clear triggers and indicators for escalation or operational adjustments.
  • Database & Knowledge Management: Maintain a structured, cross-referenced database of threats, POIs, incidents, and lessons learned to support future operations and ensure continuity of protective intelligence programs.
  • Confidentiality & Security: Safeguard sensitive client information, personal identifiers, and operational details at all times, adhering to strict confidentiality and need-to-know principles.
  • Operational Integration: Serve as the intelligence liaison to executive protection, event security, and corporate security teams, ensuring protective intelligence is integrated into all protective operations.
What we offer
What we offer
  • Employee Assistance Program
  • Employee Discount Program
  • Tuition Discount Program
  • Training & Career Development Programs
  • Fulltime
Read More
Arrow Right

Intelligence Intermediate Analyst

CSIS GSIC Intelligence Intermediate Analyst role responsible for executing threa...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • At least two to five years or relevant academic experience
  • Previous experience with private sector organization preferred
  • Analytic experience related to intelligence analysis, geopolitical risk, cyber threat intelligence analysis, statistical/data analysis
  • Ability to conduct effective qualitative and quantitative intelligence analysis
  • Knowledge of threat assessment and risk management strategies
  • Ability to participate in high-stakes incident and crisis response efforts
  • Effective communication and coordination skills for cross-functional teams
  • Ability to provide professional briefing to executives and stakeholders
  • Expertise in Windows and Microsoft Office products
  • Excellent communication and presentation skills
Job Responsibility
Job Responsibility
  • Execute threat intelligence monitoring and response, workplace violence, and traveler assistance day-to-day operations
  • Maintain effective interaction models with all CSIS anchors for timely incident notification
  • Collaborate with CSIS Strategic Intelligence analysts
  • Function as subject matter expert on physical security and geopolitical threats
  • Produce intelligence analytical assessments
  • Produce presentations and brief intelligence assessments to senior leadership
  • Identify intelligence gaps and coordinate with relevant teams
  • Maintain key CSIS GSIC performance indicators
  • Complete appropriate training
  • Train and mentor others
What we offer
What we offer
  • Paid Parental Leave Policy
  • Financial well-being support
  • Work-life balance programs
  • Generous paid time off packages
  • Extensive on-the-job training
  • Exposure to senior leaders
  • Professional development opportunities
  • Volunteerism opportunities
  • Fulltime
Read More
Arrow Right

Red Team Operations Manager

To lead, oversee, and quality assure the execution of Red Team engagements end-t...
Location
Location
United Kingdom
Salary
Salary:
Not provided
bugcrowd.com Logo
Bugcrowd
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT)
  • Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation
  • Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely
  • Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments
  • Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk
  • Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies
  • Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors
  • Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc.
  • Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams
  • Ability to make real-time decisions under pressure, to balance risk vs reward
Job Responsibility
Job Responsibility
  • Lead, oversee, and quality assure the execution of Red Team engagements end-to-end from scoping & planning, through execution, reporting, to debrief and capability development
  • Ensure that all operations are safe, legal, technically robust, aligned with threat intelligence, compliance frameworks, and deliver high value to customers
  • Act as a subject-matter expert and manager for both operations and sales / client-facing aspects of Red Team services
  • Lead multiple concurrent Red Team engagements across industries
  • Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways
  • Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs
  • Manage resources e.g. operator assignments, tooling, support functions
  • Track engagement progress vs objectives, adjust as needed
  • Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems
  • Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery
Read More
Arrow Right

Red Team Operations Manager

To lead, oversee, and quality assure the execution of Red Team engagements end-t...
Location
Location
Australia
Salary
Salary:
Not provided
bugcrowd.com Logo
Bugcrowd
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT)
  • Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation
  • Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely
  • Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments
  • Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk
  • Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies
  • Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors
  • Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc.
  • Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams
  • Ability to make real-time decisions under pressure, to balance risk vs reward
Job Responsibility
Job Responsibility
  • Lead multiple concurrent Red Team engagements across industries
  • Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways
  • Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs
  • Manage resources e.g. operator assignments, tooling, support functions
  • Track engagement progress vs objectives, adjust as needed
  • Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems
  • Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery
  • Review and approve attack plans, threat modelling, intelligence
  • Ensure operators employ strong operational security (OpSec), safe tradecraft, evidence collection, clean up post-engagement
  • Maintain up-to-date knowledge of Red Team tools, adversary TTPs, defensive controls, detection systems
Read More
Arrow Right