Posted Yesterday

Investigator - Northern Virginia

at SpyCloud

McLean, United States (On-site)

Responsibilities

  • Conduct all-source investigations using breach data, malware-exfiltrated logs, OSINT, and commercially available information to attribute threat actors, map adversary infrastructure, and assess identity and credential exposure.
  • Analyze infostealer log files to extract credential exposure, behavioral indicators, and infrastructure intelligence relevant to ongoing analytical requirements.
  • Integrate large language models and AI tooling into investigative workflows -- building prompts, synthesizing multi-source data, and validating outputs against primary evidence.
  • Develop and document reusable analytical workflows, prompt libraries, and notebook-based processes that improve team throughput and consistency.
  • Deliver product training and live capability demonstrations to cleared government personnel, tailoring content to the analytical mission and maturity of each audience.
  • Build scenario-based training materials and leave-behind products drawn from real investigation findings.
  • Support onboarding of new customers and users, helping them connect SpyCloud capabilities to their specific analytical requirements.
  • Track RFI fulfillment, investigative outcomes, and analyst credit usage, reporting results to SpyCloud leadership.

Requirements

  • The analyst will conduct original investigations, respond to requests for information, deliver training and capability demonstrations to cleared personnel, and develop AI-assisted analytical workflows using SpyCloud's platform and tooling.
  • What You'll Do: Investigations
  • Pivot across SpyCloud data using the Investigations Portal, API, and Python-based notebooks to develop leads and close attribution gaps.
  • AI-Assisted Analysis
  • Stay current on emerging AI capabilities relevant to OSINT, CAI analysis, and analytical production.
  • Bachelor's degree in intelligence studies, computer science, cybersecurity, international relations, criminal justice, or a related field -- or five or more years of equivalent professional experience in lieu of a degree.
  • Clearance
  • Active TS/SCI required.
  • Demonstrated experience supporting RFI pipelines and delivering analytical reports to operational or program stakeholders.
  • Prior experience delivering training or capability demonstrations to cleared analytical audiences.
  • Familiarity with adversary TTPs across one or more threat areas: cyber operations, foreign procurement, critical infrastructure, influence operations, or illicit finance.
  • Technical Skills
  • Proficient in OSINT collection and CAI analysis: domain research, identity resolution, infrastructure mapping, and entity attribution.
  • Practical experience incorporating AI and large language models into analytical work, including prompt development and output validation.
  • Comfortable working with REST APIs and scripted data queries; Python preferred.
  • Familiarity with commercial investigative platforms and ability to adapt them to new data sources and mission requirements.
  • Familiarity with adversary analysis frameworks -- including MITRE ATT&CK, the Cyber Kill Chain, and the Diamond Model -- as contextual tools for structuring and communicating investigation findings.
  • Working knowledge of structured analytic techniques (SATs) for evaluating evidence, surfacing assumptions, and reducing analytical bias.
  • Up to 25% travel required to support customer sites, training engagements, and community events.
  • Nice to Have:
  • Foreign language proficiency in Russian, Mandarin, Farsi, Korean, or Spanish.
  • Experience with cryptocurrency tracing or illicit finance analysis.
  • SpyCloud transforms recaptured darknet data to disrupt cybercrime.
  • Its automated identity threat protection solutions use advanced analytics and AI to accelerate investigations and protect workforce, consumer, and supplier identities from the threats that matter most: authentication bypass, session hijacking, malicious insiders, account takeover, ransomware, and fraud.

Benefits

  • Base Salary Range: $120,000 – $180,000
  • The salary range reflects the expected base compensation for a fully qualified candidate at this level based on experience, qualifications, and market data at the time of posting.
  • U.S.-Based Benefits + Perks (for Full Time Employees):
  • In addition to our engaging workspace in South Austin, flexible and remote-friendly work options, and competitive salary package, we offer our employees a comprehensive benefits package that includes:
  • 401(k) with Employer Contribution
  • Health, Vision, and Dental Insurance
  • Health Savings Account (HSA) available with Employer Contribution
  • Employer Paid Life, Short-term, and Long-term Disability Insurance
  • Generous PTO Plan and 16 paid holidays per year
  • U.K.-Based
  • Retirement Savings Plan with Employer Contribution
  • Employer Provided Private Health Insurance and Healthcare Cashplan
  • Employer Paid Life Insurance and Income Replacement
  • Generous Holiday Plan and 14 paid holidays per year
  • This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
  • Compensation Transparency Policy:
  • At SpyCloud, we believe in transparency and fairness in compensation.
  • We strive to ensure that all employees are fairly compensated for their contributions, and we openly discuss our compensation philosophy and structure.
  • We are committed to providing competitive salaries and benefits packages to attract and retain top talent, and we encourage open dialogue and feedback regarding compensation matters.

Contact

  • To learn more and see insights on your company's exposed data, visit spycloud.com.
  • Anyone who suspects that they have been contacted by someone falsely representing SpyCloud should email careers@spycloud.com.

Additional details

  • SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground.
  • SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide.
  • Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work.
  • If you’re driven to align your career with a fantastic mission, look no further!
  • This is a customer-facing role supporting government and IC-aligned customers across a range of national security mission areas.
  • Respond to requests for information from government and program stakeholders, producing analytical reports and investigation packages on short timelines.
  • Represent SpyCloud at relevant community events, conferences, and working groups as needed.
  • Preferred background: Department of Defense, Defense Intelligence Agency, Central Intelligence Agency, or affiliate of the Intelligence Community.
  • Experience
  • Five or more years in an all-source, OSINT, or CAI analytical role within a government, defense, or IC-aligned environment.
  • Communication: Writes clear, well-structured analytical reports: BLUF-first, properly sourced, readable by both analysts and senior leaders.