Threat Intelligence Manager

United States, Redmond 165600.00 - 296400.00 USD / Year · Job Posted May 27, 2026

Job Description

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate.

Security is a core priority for Microsoft, and threat intelligence is fundamental to how we protect customers at global scale. We are seeking a Manager / Leader of Threat Intelligence Security Analysts to lead a U.S.-based team focused on tracking criminal threat actors and transforming intelligence into insights, recommendations, and protective outcomes that help defend customers, platforms, and services.

In this role, you will lead a high-performing team of analysts responsible for understanding adversary behavior, identifying emerging threats, and delivering actionable intelligence that informs security operations, product strategy, and engineering investments. You will bring an engineering-minded approach to intelligence leadership, using data, tooling, automation, and AI to improve how the team operates and how intelligence is produced, scaled, and operationalized.

A key part of this role is building a hybrid human + agentic operating model. You will define how analysts and AI-powered systems work together to accelerate research, surface insights, improve analytic quality, and increase the impact of the team. You will partner closely with engineering, product, research, and security organizations to convert intelligence into durable customer value.

This role is ideal for a leader with deep threat intelligence expertise, a track record of organizational leadership, strong industry relationships, and the ability to represent Microsoft credibly across the security community.

Job Responsibility

  • Lead, coach, and grow a U.S.-based team of Threat Intelligence Security Analysts focused on tracking criminal threat actors, campaigns, infrastructure, and emerging trends.
  • Define the vision, strategy, and priorities for the team to deliver high-quality intelligence that drives customer protection and business impact.
  • Build and operationalize a hybrid human + agentic intelligence team, applying AI technologies, automation, and workflow innovation to improve scale, speed, and insight generation.
  • Foster an engineering-oriented culture that values technical depth, experimentation, continuous improvement, and measurable outcomes.
  • Partner across engineering, product, security research, detections, data science, and incident response teams to translate intelligence into protections, investigations, product improvements, and strategic decisions.
  • Drive production of clear, actionable intelligence outputs for technical teams, leadership, and external stakeholders, including actor assessments, campaign analysis, strategic reporting, and executive briefings.
  • Establish and maintain analytic standards, tradecraft, quality controls, and operating mechanisms for the team.
  • Develop trusted relationships across the intelligence community, including industry partners, external organizations, and agencies engaged in tracking criminal threat actors.
  • Represent Microsoft through customer engagements, industry forums, and presentations at security conferences and other external events.
  • Hire and develop diverse talent, build an inclusive and high-performing team culture, and create an environment where analysts can do their best work.

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR equivalent experience.
  • 3+ years people management experience.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice to have

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 12+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 15+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR equivalent experience.
  • 5+ years people management experience.
  • 7+ years of experience in security and threat intelligence.
  • 3+ years of experience managing large teams in security, intelligence, or related domains.
  • Experience tracking criminal threat actors and producing intelligence used to inform protection, detection, disruption, or response outcomes.
  • Experience leading through cross-functional influence and partnering effectively with engineering and product organizations.
  • Experience applying AI, automation, or advanced tooling to improve analyst workflows and team effectiveness.
  • Proven ability to communicate clearly with both technical and executive audiences.
  • Demonstrated engineering mindset, with an ability to solve problems using tools, systems, automation, and AI.
  • Experience building or leading hybrid human + agentic teams or equivalent AI-augmented operating models.
  • Proven track record of presenting at recognized security conferences and representing an organization externally.
  • Network across intelligence partners, industry peers, and agencies involved in tracking threat actors.
  • Experience scaling intelligence programs in complex, global, or product-driven environments.

Similar Jobs for Threat Intelligence Manager

8 matching positions

Lead Threat Intelligence Analyst

We are looking for a Lead Threat Intelligence Analyst. In this role, you'll be a...
Location: United States, New York
Salary: 133900.00 - 198160.00 USD / Year
Company: Take-Two Interactive Software, Inc.
Expiration Date: Until further notice
Requirements
  • At least 5-7 years of experience in cybersecurity
  • Minimum of 3 years in a dedicated threat intelligence role
  • Strong understanding of the cyber threat landscape, including knowledge of threat actor groups, common attack vectors, and malware families
  • Proven ability to analyze complex data from various sources (e.g., open-source intelligence, dark web forums, technical reports) to form a cohesive threat picture
  • Familiarity with common threat intelligence frameworks like MITRE ATT&CK, the Cyber Kill Chain, and Diamond Model
  • Excellent written and verbal communication skills, with the ability to present technical information clearly to both technical and non-technical audiences
  • Experience with threat intelligence platforms (TIPs), security information and event management (SIEM) systems, and forensic tools
Job Responsibility
  • Lead the design, development, and continuous improvement of the organization’s cyber threat intelligence (CTI) program
  • Perform deep-dives into cyber threats, including analyzing malware, understanding adversary tactics, techniques, and procedures (TTPs), and tracking threat actor groups
  • Create and refine threat models and frameworks to predict and prepare for potential attacks
  • Work with our Global Security Operations Center (GSOC), Detection Engineering, Automation Engineers and Incident Response teams to integrate threat intelligence into our detection and prevention systems
  • Generate timely and high-quality intelligence/Threat Landscape reports, risk forecasts and alerts for technical and executive audiences
  • Promote automation of indicator ingestion, correlation, and dissemination across GSOC, Automation and IR platforms
  • Define and track key performance indicators (KPIs) for the threat intelligence program
  • Conduct periodic maturity assessments of the threat intelligence function
  • Provide guidance and mentorship to junior analysts
What we offer
  • Medical (HSA & FSA)
  • dental
  • vision
  • 401(k) with company match
  • employee stock purchase plan
  • commuter benefits
  • in-house wellness program
  • broad learning & development opportunities
  • a charitable giving platform with company match
  • Fitness allowance
  • Fulltime

Lead Threat Intelligence Analyst

We are looking for a Lead Threat Intelligence Analyst. In this role, you'll be a...
Location: Canada, Toronto
Salary: Not provided
Company: Take-Two Interactive Software, Inc.
Expiration Date: Until further notice
Requirements
  • At least 5-7 years of experience in cybersecurity
  • Minimum of 3 years in a dedicated threat intelligence role
  • Strong understanding of the cyber threat landscape, including knowledge of threat actor groups, common attack vectors, and malware families
  • Proven ability to analyze complex data from various sources
  • Familiarity with common threat intelligence frameworks like MITRE ATT&CK, the Cyber Kill Chain, and Diamond Model
  • Excellent written and verbal communication skills
  • Experience with threat intelligence platforms (TIPs), security information and event management (SIEM) systems, and forensic tools
Job Responsibility
  • Lead the design, development, and continuous improvement of the organization’s cyber threat intelligence (CTI) program
  • Perform deep-dives into cyber threats, including analyzing malware, understanding adversary tactics, techniques, and procedures (TTPs), and tracking threat actor groups
  • Create and refine threat models and frameworks to predict and prepare for potential attacks
  • Work with our Global Security Operations Center (GSOC), Detection Engineering, Automation Engineers and Incident Response teams to integrate threat intelligence into our detection and prevention systems
  • Generate timely and high-quality intelligence/Threat Landscape reports, risk forecasts and alerts for technical and executive audiences
  • Promote automation of indicator ingestion, correlation, and dissemination across GSOC, Automation and IR platforms
  • Define and track key performance indicators (KPIs) for the threat intelligence program
  • Conduct periodic maturity assessments of the threat intelligence function
  • Provide guidance and mentorship to junior analysts
What we offer
  • Medical (HSA & FSA), dental, vision
  • 401(k) with company match
  • Employee stock purchase plan
  • Commuter benefits
  • In-house wellness program
  • Broad learning & development opportunities
  • A charitable giving platform with company match
  • Fitness allowance
  • Employee discount programs
  • Free games & events
  • Fulltime

Lead Threat Intelligence Analyst

We are looking for a Lead Threat Intelligence Analyst. In this role, you'll be a...
Location: United States, Las Vegas
Salary: Not provided
Company: Take-Two Interactive Software, Inc.
Expiration Date: Until further notice
Requirements
  • At least 5-7 years of experience in cybersecurity
  • Minimum of 3 years in a dedicated threat intelligence role
  • Strong understanding of the cyber threat landscape, including knowledge of threat actor groups, common attack vectors, and malware families
  • Proven ability to analyze complex data from various sources
  • Familiarity with common threat intelligence frameworks like MITRE ATT&CK, the Cyber Kill Chain, and Diamond Model
  • Excellent written and verbal communication skills
  • Experience with threat intelligence platforms (TIPs), security information and event management (SIEM) systems, and forensic tools
Job Responsibility
  • Lead the design, development, and continuous improvement of the organization’s cyber threat intelligence (CTI) program
  • Perform deep-dives into cyber threats, including analyzing malware, understanding adversary tactics, techniques, and procedures (TTPs), and tracking threat actor groups
  • Create and refine threat models and frameworks to predict and prepare for potential attacks
  • Work with our Global Security Operations Center (GSOC), Detection Engineering, Automation Engineers and Incident Response teams to integrate threat intelligence into our detection and prevention systems
  • Generate timely and high-quality intelligence/Threat Landscape reports, risk forecasts and alerts for technical and executive audiences
  • Promote automation of indicator ingestion, correlation, and dissemination across GSOC, Automation and IR platforms
  • Define and track key performance indicators (KPIs) for the threat intelligence program
  • Conduct periodic maturity assessments of the threat intelligence function
  • Provide guidance and mentorship to junior analysts
What we offer
  • Medical (HSA & FSA)
  • dental
  • vision
  • 401(k) with company match
  • employee stock purchase plan
  • commuter benefits
  • in-house wellness program
  • broad learning & development opportunities
  • a charitable giving platform with company match
  • Fitness allowance
  • Fulltime

Intelligence Group Manager

Intelligence Group Manager role in Citi Security and Investigative Services (CSI...
Location: Singapore, Singapore
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • 6+ years of relevant experience
  • At least 3 years in a management role
  • Established experience in security operations
  • Experience working or managing a security center involved in CCTV monitoring/Response, Intrusion detection systems response, escalation and reporting
  • Familiarity with banking security regulations and compliance standards
  • Background in corporate security or critical infrastructure protection
  • Experience coordinating with law enforcement and intelligence agencies
  • Strong knowledge of threat assessment and risk management strategies
  • Familiarity with protective intelligence
  • Experience leading high-stakes incident and crisis response
Job Responsibility
  • Manage and execute Global Security and Intelligence Center operations
  • Manage and coach multidisciplinary and cross-functional team
  • Maintain effective interaction models with all CSIS Anchors
  • Collaborate with CSIS Project Management and Technology
  • Support Risk and Controls and Transformation
  • Maintain Key Performance Indicators
  • Coordinate execution of appropriate training
  • Develop and implement guidance around engagement with local enforcement and government agencies
  • Source and manage GSIC vendors and monitor KPIs
  • Assess risk when making business decisions
What we offer
  • Paid Parental Leave Policy
  • Financial well-being programs
  • Work-life balance programs
  • Generous paid time off packages
  • Extensive on-the-job training
  • Exposure to senior leaders
  • Traditional learning opportunities
  • Volunteerism opportunities
  • Fulltime

Head of cyber threat exposure and attack surface management

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ...
Location: United Kingdom, Knutsford
Salary: Not provided
Company: Barclays
Expiration Date: Until further notice
Requirements
  • Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction
  • Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies
  • Strong understanding of attack paths, adversary emulation, and continuous validation concepts
Job Responsibility
  • Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles
  • Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture
  • Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms
  • Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies
  • Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise
  • Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions
  • Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface
  • Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions
  • Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes
  • Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime

Protective Intelligence Analyst

The Protective Intelligence Analyst is responsible for supporting the executive ...
Location: United States, Austin
Salary: 95000.00 USD / Year
Company: Allied Universal®
Expiration Date: Until further notice
Requirements
  • A minimum of 3 years of recent protective intelligence experience supporting executive protection teams and principals, or 5+ years of equivalent military, law enforcement, or intelligence experience.
  • Bachelor’s degree in Intelligence Studies, International Relations, Homeland Security, or related field (or equivalent operational experience).
  • Formal Intelligence Training certification (Military, Government, Association, or Private Sector) required.
  • Advanced training in threat assessment, travel risk management, or protective intelligence preferred.
  • Skilled in open-source (OSINT) and social media research, threat monitoring, and incident verification.
  • Experience producing protective intelligence products—threat assessments, travel risk reports, route/residence assessments, and pre-travel advisories.
  • Ability to collect, vet, and analyze information using the intelligence cycle to create accurate, actionable, bias-mitigated reporting.
  • Strong understanding of global security, geopolitical risks, terrorism, crime, and crisis response as they relate to executive travel and operations.
  • Proven ability to support EP operations in real time, providing clear, concise, and timely threat updates to decision-makers.
  • Proficiency in Microsoft Office Suite and familiarity with protective intelligence platforms (e.g., Factal, Dataminr, Babel Street, LifeRaft, Echosec).
Job Responsibility
  • Threat Monitoring & Early Warning: Continuously monitor open sources, social media platforms, dark web, and client-specific intelligence tools for threats or hostile surveillance activity directed at principals, their families, residences, travel plans, or affiliated events.
  • Protective Research & Threat Analysis: Conduct in-depth research and analysis on persons of interest (POIs), hostile actors, and groups with the intent or capability to target principals. Assess motivations, capability, opportunity, and intent to identify potential attack indicators.
  • Travel Risk Intelligence: Provide proactive intelligence support to executive protection teams during domestic and international travel, including country risk assessments, route reconnaissance, hotel and venue security reviews, and incident monitoring during trips. Deliver timely updates to traveling principals and EP teams.
  • Protective Operations Support: Deliver actionable, real-time intelligence to EP teams in support of principal movements, protective advances, route planning, and residence/event security. Maintain constant threat environment awareness and communicate relevant changes.
  • Geopolitical & Environmental Risk Tracking: Monitor global and regional security issues, including terrorism, political unrest, crime trends, natural disasters, and health risks, that could affect principals’ safety during travel or at residences/events.
  • Actionable Reporting & Products: Produce timely, clear, and actionable intelligence products including: Threat assessments (strategic and tactical), Travel risk assessments (pre-trip and in-trip updates), Situation reports (SITREPs) and incident summaries, Route and location assessments (residences, hotels, venues, offices)
  • Threat Mitigation Recommendations: Provide practical, proportionate recommendations to EP teams on how to mitigate identified threats, risks, and vulnerabilities. Offer clear triggers and indicators for escalation or operational adjustments.
  • Database & Knowledge Management: Maintain a structured, cross-referenced database of threats, POIs, incidents, and lessons learned to support future operations and ensure continuity of protective intelligence programs.
  • Confidentiality & Security: Safeguard sensitive client information, personal identifiers, and operational details at all times, adhering to strict confidentiality and need-to-know principles.
  • Operational Integration: Serve as the intelligence liaison to executive protection, event security, and corporate security teams, ensuring protective intelligence is integrated into all protective operations.
What we offer
  • Employee Assistance Program
  • Employee Discount Program
  • Tuition Discount Program
  • Training & Career Development Programs
  • Fulltime

Intelligence Intermediate Analyst

CSIS GSIC Intelligence Intermediate Analyst role responsible for executing threa...
Location: Singapore, Singapore
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • At least two to five years or relevant academic experience
  • Previous experience with private sector organization preferred
  • Analytic experience related to intelligence analysis, geopolitical risk, cyber threat intelligence analysis, statistical/data analysis
  • Ability to conduct effective qualitative and quantitative intelligence analysis
  • Knowledge of threat assessment and risk management strategies
  • Ability to participate in high-stakes incident and crisis response efforts
  • Effective communication and coordination skills for cross-functional teams
  • Ability to provide professional briefing to executives and stakeholders
  • Expertise in Windows and Microsoft Office products
  • Excellent communication and presentation skills
Job Responsibility
  • Execute threat intelligence monitoring and response, workplace violence, and traveler assistance day-to-day operations
  • Maintain effective interaction models with all CSIS anchors for timely incident notification
  • Collaborate with CSIS Strategic Intelligence analysts
  • Function as subject matter expert on physical security and geopolitical threats
  • Produce intelligence analytical assessments
  • Produce presentations and brief intelligence assessments to senior leadership
  • Identify intelligence gaps and coordinate with relevant teams
  • Maintain key CSIS GSIC performance indicators
  • Complete appropriate training
  • Train and mentor others
What we offer
  • Paid Parental Leave Policy
  • Financial well-being support
  • Work-life balance programs
  • Generous paid time off packages
  • Extensive on-the-job training
  • Exposure to senior leaders
  • Professional development opportunities
  • Volunteerism opportunities
  • Fulltime

Red Team Operations Manager

To lead, oversee, and quality assure the execution of Red Team engagements end-t...
Location: United Kingdom
Salary: Not provided
Company: Bugcrowd
Expiration Date: Until further notice
Requirements
  • Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT)
  • Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation
  • Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely
  • Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments
  • Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk
  • Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies
  • Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors
  • Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc.
  • Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams
  • Ability to make real-time decisions under pressure, to balance risk vs reward
Job Responsibility
  • Lead, oversee, and quality assure the execution of Red Team engagements end-to-end from scoping & planning, through execution, reporting, to debrief and capability development
  • Ensure that all operations are safe, legal, technically robust, aligned with threat intelligence, compliance frameworks, and deliver high value to customers
  • Act as a subject-matter expert and manager for both operations and sales / client-facing aspects of Red Team services
  • Lead multiple concurrent Red Team engagements across industries
  • Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways
  • Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs
  • Manage resources e.g. operator assignments, tooling, support functions
  • Track engagement progress vs objectives, adjust as needed
  • Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems
  • Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery