Investigator - Huntsville, AL
Responsibilities
- Investigations
- Conduct all-source investigations using breach data, malware-exfiltrated logs, OSINT, and commercially available information to attribute threat actors, map adversary infrastructure, and assess identity and credential exposure.
- Respond to requests for information from government and program stakeholders, producing analytical reports and investigation packages on short timelines.
- Analyze infostealer log files to extract credential exposure, behavioral indicators, and infrastructure intelligence relevant to ongoing analytical requirements.
- Pivot across SpyCloud data using the Investigations Portal, API, and Python-based notebooks to develop leads and close attribution gaps.
- AI-Assisted Analysis
- Integrate large language models and AI tooling into investigative workflows -- building prompts, synthesizing multi-source data, and validating outputs against primary evidence.
- Develop and document reusable analytical workflows, prompt libraries, and notebook-based processes that improve team throughput and consistency.
- Stay current on emerging AI capabilities relevant to OSINT, CAI analysis, and analytical production.
- Training and Customer Support
- Deliver product training and live capability demonstrations to cleared government personnel, tailoring content to the analytical mission and maturity of each audience.
- Build scenario-based training materials and leave-behind products drawn from real investigation findings.
- Support onboarding of new customers and users, helping them connect SpyCloud capabilities to their specific analytical requirements.
- Reporting and Coordination
- Track RFI fulfillment, investigative outcomes, and analyst credit usage, reporting results to SpyCloud leadership.
- Represent SpyCloud at relevant community events, conferences, and working groups as needed.
Requirements
- Education
- Bachelor's degree in intelligence studies, computer science, cybersecurity, international relations, criminal justice, or a related field -- or five or more years of equivalent professional experience in lieu of a degree.
- Clearance
- Active TS/SCI required.
- Preferred background: Department of Defense, Defense Intelligence Agency, Central Intelligence Agency, or affiliate of the Intelligence Community.
- Five or more years in an all-source, OSINT, or CAI analytical role within a government, defense, or IC-aligned environment.
- Demonstrated experience supporting RFI pipelines and delivering analytical reports to operational or program stakeholders.
- Prior experience delivering training or capability demonstrations to cleared analytical audiences.
- Familiarity with adversary TTPs across one or more threat areas: cyber operations, foreign procurement, critical infrastructure, influence operations, or illicit finance.
- Technical Skills
- Proficient in OSINT collection and CAI analysis: domain research, identity resolution, infrastructure mapping, and entity attribution.
- Practical experience incorporating AI and large language models into analytical work, including prompt development and output validation.
- Comfortable working with REST APIs and scripted data queries; Python preferred.
- Familiarity with commercial investigative platforms and ability to adapt them to new data sources and mission requirements.
- Familiarity with adversary analysis frameworks -- including MITRE ATT&CK, the Cyber Kill Chain, and the Diamond Model -- as contextual tools for structuring and communicating investigation findings.
- Working knowledge of structured analytic techniques (SATs) for evaluating evidence, surfacing assumptions, and reducing analytical bias.
- Communication
- Writes clear, well-structured analytical reports: BLUF-first, properly sourced, readable by both analysts and senior leaders.
- Confident briefing cleared program manag
Additional Information
SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud's solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you're driven to align your career with a fantastic mission, look no further!

SpyCloud collects recaptured breach data, malware-exfiltrated credentials, session cookies, and commercially available information at scale. The Investigations team turns that data into investigative reports and analytical products -- attribution packages, infrastructure assessments, identity exposure reports, and analytical support for government and enterprise customers. This is a customer-facing role supporting government and IC-aligned customers across a range of national security mission areas. The analyst will conduct original investigations, respond to requests for information, deliver training and capability demonstrations to cleared personnel, and develop AI-assisted analytical workflows using SpyCloud's platform and tooling.