This is a senior, highly technical role within CRAFT, built for complex problem-solving beyond standard operational procedures . You will work across stealthy, long-dwell intrusion patterns and advanced tradecraft including credential abuse, supply chain targeting, living-off-the-land techniques, custom malware, infrastructure obfuscation, and exploitation of emerging vulnerabilities, including potential AI-augmented attacker behavior. Success looks like faster, higher-confidence investigative outcomes, stronger detections, and reduced dependency on ad hoc support from already constrained operational teams. Hands-on technical research and analysis of cyber espionage activity, including APT TT - Ps, adversary infrastructure, and intrusion lifecycle behaviors, and you will translate technical detail into clear, actionable guidance for operational response. You will augment Cyber. Ops during high-priority incidents by providing rapid investigation support, hypothesis-driven analysis, and durable outputs such as detection logic, enrichment, and incident-ready playbook improvements. You will build practical technical solutions like scripts, automation, enrichment tools, detection prototypes, and AI-assisted analysis workflows, that shorten time-to-answer and raise consistency across investigations . You will drive deeper research into nation-state threats, emerging vulnerabilities, supplier risk, AI-enabled threat activity, and targeted campaigns relevant to the firm, producing outputs that directly inform operational readiness and prioritization. You will bridge intelligence, attack analysis, vulnerability management, and supplier threat response by enabling two-way collaboration across Cyber. Ops. Required Qualifications:Over 20 years of conducting technical intrusion analysis and cyber threat research focused on sophisticated adversaries (espionage-aligned tradecraft). Demonstrated ability to produce operationally useful outcomes: detections, enrichment, triage improvements, and clear technical write-ups that drive action. Strong understanding of attacker behaviors across credential misuse, persistence, lateral movement, data staging, covert exfiltration, and stealth techniques . Proven capability to build and maintain lightweight automation to support investigations (scripts, parsers, enrichment utilities, workflow tooling). Strong judgment handling sensitive information and operating within controlled security and risk constraints.