Cyber Threat Intelligence Team Lead

Location: San Francisco, California, United States

Department: Embedded Consulting Services

Workplace: remote

Employment Type: full

Description

The Cyber Threat Intelligence Team Lead will play a pivotal role in building and leading a world-class Cyber Intelligence program for a major client of Control Risks. This role will be responsible for developing the strategy, building out capabilities, and leading a team of security professionals to proactively detect, triage, and respond to cyber threats.

This position provides technical direction and administrative oversight on all cybersecurity matters, ensuring the protection of the client’s systems, networks, and data. The Manager supports a strong first line ownership model by partnering with technology and business stakeholders to embed security into planning, development, and operational activities.

• Working closely with client stakeholder, build, manage, and scale a Cyber Threat Intelligence Team from the ground up.
• Lead on Developing Standard Operating Procedures for threat intelligence activities, taking into account specific client activities and stakeholders, such as tooling, reporting lines, and out of hours incidents.
• Lead on managing most severe and critical cyber security incidents including supporting incident responders with reporting, updates and investigations to aid incident response and crisis management in a timely, accurate and professional manner.
• Train, and mentor threat intelligence analysts, engineers, and threat hunters.
• Establish operational processes, escalation paths, and playbooks.
• Oversee the triage of cyber events, ensuring rapid identification, investigation, and remediation.
• Manage incident response activities, coordinating across IT, Legal, Risk, and other stakeholders.
• Develop metrics, KPIs, and reporting to measure SOC effectiveness.
• Lead proactive threat hunting operations to identify potential compromises and undetected malicious activity.
• Integrate threat intelligence into SOC workflows and leverage intelligence to inform response and prevention strategies.
• Evaluate and optimize the client’s technology stack (SIEM, SOAR, EDR, threat intelligence platforms, etc.).
• Drive continuous improvement of detection rules, automation, and response capabilities.
• Recommend emerging tools and processes to enhance maturity.
• Conduct regular check-ins, provide coaching and feedback, manage performance reviews and improvement plans, and support career development with the members of your team.  
• Serve as the main liaison between team members and ECS program management team, ensuring timely program and personnel updates and controlling quality on client deliverables.  
• With the support of the Talent Acquisition team, participate in hiring processes ensuring team resourcing aligns with client expectations and program needs.
• Lead onboarding tasks (e.g., joiner tickets, scheduling, equipment, success plans), manage offboarding logistics and leaver tickets, and ensure operational continuity.  
• Manage team schedules, approve PTO, ensure timesheet compliance, and maintain a consistent high-quality service to the client.  
• Working closely with the ECS program management team, align on overall program strategy and priorities to create clear, actionable, team deliverables.

Requirements

• 10-12 years of experience in cybersecurity, cyber threat intelligence, or cyber security operations.
• Leadership in an threat intelligence environment a plus
• Ability to distil highly technical information into more business centric, risk orientated language for presentation to senior leadership.
• Experience with: Splunk (or other event monitoring capability), Crowdstrike, RecordedFuture, MS sentinel, SentinelOne, OpenCTI, MISP, Proofpoint.
• Deep knowledge of incident response, digital forensics, malware analysis, and threat intelligence.
• Hands-on experience with SOC technologies such as SIEM, SOAR, EDR, IDS/IPS, and log management tools.
• Strong understanding of MITRE ATT&CK framework, NIST Cybersecurity Framework, and industry best practices.
• Excellent leadership, communication, and stakeholder management skills.
• Relevant certifications preferred: CISSP, CISM, GIAC (GSOM and GCTI), or equivalent.

Benefits

Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.

• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.

The base salary range for this position is $160,000-185,000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit www.uscis.gov.