At Arctic Wolf, you wonât just watch the cybersecurity industry evolve â you'll help lead the change. Our global Pack is made up of people who thrive on solving hard problems, moving fast, and building technology that protects organizations around the world. Weâre proud to be recognized by Forbes, CNBC, Fortune, CRN, Bartner Peer Insights and IDC MarketScape â but what matters most is the work behind it: delivering real outcomes for customers through award winning innovation like our Aurora Platform.
If youâre looking for meaningful work, smart teammates and the chance to make a real impact in a high-growth company thatâs redefining security operations, Arctic Wolf is the right place for you!
Our mission is simple: End Cyber Risk. Weâre looking for a Director, Threat Intelligence Research to be part of making that happen.
About the Role
This senior leadership role owns the strategy and execution of Cyber Threat Intelligence (CTI) at Arctic Wolf, an AI-native security operations company. The mission is singular: anticipate what will hurt our customers, and translate that foresight into prioritized, contextual intelligence that directly drives detection engineering, threat operations, and product outcomes. The Director leads multiple intelligence teams, sets collection and analytic priorities tied to Arctic Wolfâs customer base, and builds an agentic-first operating model that transforms CTI into the engine of an AI-native security organization. The role is also a primary public face of Arctic Wolf threat research, driving rapid-response publications, executive briefings, media engagement, and industry keynotes that establish the companyâs authority in the threat landscape, on par with the standard set by leading research programs in the industry.
Job Scope
Owns the vision and execution of Arctic Wolfâs Cyber Threat Intelligence function. Directs multiple intelligence teams, defines collection and analytic priorities tied to customer risk, and is accountable for the speed, relevance, and downstream impact of intelligence on detection engineering, threat operations, and product.
Key Responsibilities
Drive detection engineering through intelligence-led collection and prioritization, ensuring every campaign, TTP, and threat actor tracked translates into a ranked detection backlog tied to customer risk.
Anticipate what will hurt customers: define collection priorities, PIRs, and coverage goals grounded in Arctic Wolfâs customer base, sectors, attack surface, and adversary landscape.
Lead the rapid-response function for high-severity events (zero-days, mass exploitation, breach disclosures, geopolitically driven campaigns), coordinating cross-functional response and public communications.
Partner with Data Science, Threat Operations, Detection Engineering, Product Management, and Engineering to productize intelligence, turning research into customer-facing capabilities, signals, and content.
Build an agentic-first operating model: codify intelligence workflows as agentic systems, evaluate and adopt frontier AI tooling, and lead the teamâs transformation into AI-native analysts.
Set the internal CTI frameworks (PIRs, ATT&CK alignment, attribution discipline, confidence and probability language, intel-to-detection pipeline) used across the company.
Expert Positioning Goal:
Establish Arctic Wolf as a recognized authority in threat research through rapid-response publications, blogs, podcasts, and original research reports.
Engage with PR, Communications, and Marketing to ensure timely, accurate, and high-impact external messaging during major incidents and disclosures, and to amplify research that defines the companyâs voice in the market.
Speak at top-tier industry and government forums (e.g., RSA, Black Hat, FIRST, SANS Summits, FS-ISAC, InfraGard, ISAC and government exchanges) and represent Arctic Wolf in public-private partnerships.
Brief customers, executives, and boards on the threats most relevant to their environment, sector, and risk profile.
Example Key Results:
Launched an intelligence-driven detection prioritization program that measurably increased coverage of customer-relevant TTPs and reduced time from intel surface to deployed detection.
Stood up a rapid-response capability that delivered authoritative public analysis of major incidents within hours, generating earned media, customer trust, and measurable share-of-voice in the threat research community.
Transformed CTI workflows to agentic-first, with documented gains in throughput and analyst leverage; established AI-native tradecraft as the team standard.
Productized intelligence outputs in partnership with Product, Data Science, and Engineering, shipping customer-facing capabilities, signals, and content packs that materially improved customer protection.
Complexity & Problem Solving
Leads strategic vision-setting at the intersection of threat research, detection engineering, AI and agentic systems, and product. Solves complex org-wide problems involving collection prioritization, intelligence-to-detection pipelines, attribution under uncertainty, AI-native workflow design, and cross-functional alignment with Data Science, Threat Operations, Detection Engineering, Product Management, and Engineering.
Knowledge & Experience
Demonstrated leadership of a regional or global CTI function with direct, measurable impact on detection engineering, threat operations, or product outcomes â ideally within an MDR, MSSP, EDR/XDR, or major incident response practice.
Expertise in threat actor attribution, campaign tracking, TTP analysis, and translating intelligence into ranked detection priorities and customer-relevant guidance.
Hands-on track record of operating in agentic and AI-native workflows: building, evaluating, or leading teams that use LLM agents, retrieval pipelines, and automation as a primary mode of work, not as an experiment.
Proven ability to partner with Data Science, Detection Engineering, Threat Operations, and Product Management to productize intelligence capabilities and ship customer-facing outcomes.
Experience leading rapid-response programs and serving as a public-facing voice during major incidents: blogs, briefings, podcasts, conference keynotes, and earned media engagement with PR and Communications.
Experience engaging with senior stakeholders, executive and board briefings, and public-private partnerships (e.g., ISACs, industry coalitions, government exchanges).
Has developed other managers; strong people leadership skills with a bias toward building small, senior, AI-leveraged teams.
Able to define and execute long-term intelligence strategies and metrics aligned with customer protection, detection coverage, time-to-detection for emerging threats, and product outcomes.
Collaboration & Interaction
Interfaces daily with Detection Engineering, Threat Operations, Data Science, Product Management, and Engineering leadership to align intelligence to customer protection. Engages senior leaders, customers, public/private coalitions, regulators, media, and the broader security community; shapes the teamâs external presence and reputation as a primary public face of Arctic Wolf threat research.
Achieve Results
Drives intelligence programs whose impact is measured in customer protection, detection coverage, time-to-detection for emerging threats, productized capabilities shipped, and earned authority in the threat research community. Develops managers and senior individual contributors operating natively with agentic systems.
About Arctic Wolf
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace USA (2021-2024), Best Places to Work â USA (2021-2024), Great Place to Work â Canada (2021-2024), Great Place to Work â UK (2024), and Kununu Top Company â Germany (2024). Our commitment to bold growth and shaping the future of security operations is matched by our dedication
arcticwolf