Director, Threat Intelligence Research

Director, Threat Intelligence Research

At Arctic Wolf, you won't just watch the cybersecurity industry evolve – you'll help lead the change. Our global Pack is made up of people who thrive on solving hard problems, moving fast, and building technology that protects organizations around the world. We're proud to be recognized by Forbes, CNBC, Fortune, CRN, Bartner Peer Insights and IDC MarketScape – but what matters most is the work behind it: delivering real outcomes for customers through award winning innovation like our Aurora Platform.

If you're looking for meaningful work, smart teammates and the chance to make a real impact in a high-growth company that's redefining security operations, Arctic Wolf is the right place for you!

Our mission is simple: End Cyber Risk. We're looking for a Director, Threat Intelligence Research to be part of making that happen.

About the Role

This senior leadership role owns the strategy and execution of Cyber Threat Intelligence (CTI) at Arctic Wolf, an AI-native security operations company. The mission is singular: anticipate what will hurt our customers, and translate that foresight into prioritized, contextual intelligence that directly drives detection engineering, threat operations, and product outcomes. The Director leads multiple intelligence teams, sets collection and analytic priorities tied to Arctic Wolf's customer base, and builds an agentic-first operating model that transforms CTI into the engine of an AI-native security organization. The role is also a primary public face of Arctic Wolf threat research, driving rapid-response publications, executive briefings, media engagement, and industry keynotes that establish the company's authority in the threat landscape, on par with the standard set by leading research programs in the industry.

Job Scope

Owns the vision and execution of Arctic Wolf's Cyber Threat Intelligence function. Directs multiple intelligence teams, defines collection and analytic priorities tied to customer risk, and is accountable for the speed, relevance, and downstream impact of intelligence on detection engineering, threat operations, and product.

Key Responsibilities

• Drive detection engineering through intelligence-led collection and prioritization, ensuring every campaign, TTP, and threat actor tracked translates into a ranked detection backlog tied to customer risk.
• Anticipate what will hurt customers: define collection priorities, PIRs, and coverage goals grounded in Arctic Wolf's customer base, sectors, attack surface, and adversary landscape.
• Lead the rapid-response function for high-severity events (zero-days, mass exploitation, breach disclosures, geopolitically driven campaigns), coordinating cross-functional response and public communications.
• Partner with Data Science, Threat Operations, Detection Engineering, Product Management, and Engineering to productize intelligence, turning research into customer-facing capabilities, signals, and content.
• Build an agentic-first operating model: codify intelligence workflows as agentic systems, evaluate and adopt frontier AI tooling, and lead the team's transformation into AI-native analysts.
• Set the internal CTI frameworks (PIRs, ATT&CK alignment, attribution discipline, confidence and probability language, intel-to-detection pipeline) used across the company.

Expert Positioning Goal:

• Establish Arctic Wolf as a recognized authority in threat research through rapid-response publications, blogs, podcasts, and original research reports.
• Engage with PR, Communications, and Marketing to ensure timely, accurate, and high-impact external messaging during major incidents and disclosures, and to amplify research that defines the company's voice in the market.
• Speak at top-tier industry and government forums (e.g., RSA, Black Hat, FIRST, SANS Summits, FS-ISAC, InfraGard, ISAC and government exchanges) and represent Arctic Wolf in public-private partnerships.
• Brief customers, executives, and boards on the threats most relevant to their environment, sector, and risk profile.

Example Key Results:

• Launched an intelligence-driven detection prioritization program that measurably increased coverage of customer-relevant TTPs and reduced time from intel surface to deployed detection.
• Stood up a rapid-response capability that delivered authoritative public analysis of major incidents within hours, generating earned media, customer trust, and measurable share-of-voice in the threat research community.
• Transformed CTI workflows to agentic-first, with documented gains in throughput and analyst leverage; established AI-native tradecraft as the team standard.
• Productized intelligence outputs in partnership with Product, Data Science, and Engineering, shipping customer-facing capabilities, signals, and content packs that materially improved customer protection.

Complexity & Problem Solving

Leads strategic vision-setting at the intersection of threat research, detection engineering, AI and agentic systems, and product. Solves complex org-wide problems involving collection prioritization, intelligence-to-detection pipelines, attribution under uncertainty, AI-native workflow design, and cross-functional alignment with Data Science, Threat Operations, Detection Engineering, Product Management, and Engineering.

Knowledge & Experience

• Demonstrated leadership of a regional or global CTI function with direct, measurable impact on detection engineering, threat operations, or product outcomes — ideally within an MDR, MSSP, EDR/XDR, or major incident response practice.
• Expertise in threat actor attribution, campaign tracking, TTP analysis, and translating intelligence into ranked detection priorities and customer-relevant guidance.
• Hands-on track record of operating in agentic and AI-native workflows: building, evaluating, or leading teams that use LLM agents, retrieval pipelines, and automation as a primary mode of work, not as an experiment.
• Proven ability to partner with Data Science, Detection Engineering, Threat Operations, and Product Management to productize intelligence capabilities and ship customer-facing outcomes.
• Experience leading rapid-response programs and serving as a public-facing voice during major incidents: blogs, briefings, podcasts, conference keynotes, and earned media engagement with PR and Communications.
• Experience engaging with senior stakeholders, executive and board briefings, and public-private partnerships (e.g., ISACs, industry coalitions, government exchanges).
• Has developed other managers; strong people leadership skills with a bias toward building small, senior, AI-leveraged teams.
• Able to define and execute long-term intelligence strategies and metrics aligned with customer protection, detection coverage, time-to-detection for emerging threats, and product outcomes.

Collaboration & Interaction

Interfaces daily with Detection Engineering, Threat Operations, Data Science, Product Management, and Engineering leadership to align intelligence to customer protection. Engages senior leaders, customers, public/private coalitions, regulators, media, and the broader security community; shapes the team's external presence and reputation as a primary public face of Arctic Wolf threat research.

Achieve Results

Drives intelligence programs whose impact is measured in customer protection, detection coverage, time-to-detection for emerging threats, productized capabilities shipped, and earned authority in the threat research community. Develops managers and senior individual contributors operating natively with agentic systems.

About Arctic Wolf At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace USA (2021-2024), Best Places to Work – USA (2021-2024), Great Place to Work – Canada (2021-2024), Great Place to Work – UK (2024), and Kununu Top Company – Germany (2024). Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 7,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand globally and enhance our technology, Arctic Wolf remains the most trusted name in the industry. Our Values Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people's and organizations' sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good. We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here. We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know