Threat Intelligence Lead (Remote)

RTX • Full-time • sacramento, California, United States of America • 16h ago

Date Posted: 2026-04-10Country: United States of AmericaLocation: US-CA-REMOTEPosition Role Type: RemoteU.S. Citizen, U.S. Person, or Immigration Status Requirements: The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearanceSecurity Clearance Type: DoD Clearance: Top SecretSecurity Clearance Status: Active and existing security clearance required after day 1At RTX, the world largest aerospace and defense company, 185,000 great minds are united by purpose and inspired to make a difference solving the world’s most complex problems. With our three market leading businesses, world-class operations and investments in research and development, we offer capabilities and opportunity no one else can. Together, we push the boundaries of known science and find new ways to connect and protect our world. Pratt & Whitney is a world leader in the design, manufacture and service of aircraft engines and auxiliary power systems and has been revolutionizing modern flight for over 100 years. Join us and help shape the future of aerospace and defense. The Pratt & Whitney Global Security Services (GSS) Threat Intelligence Lead is a cyber investigative and analytics role responsible for leading data exfiltration investigations and advancing insider threat detection capabilities within the Threat Management and Intelligence program. Operating at the intersection of cybersecurity, digital forensics, and intelligence analysis, this role focuses on identifying, investigating, and mitigating risks related to the unauthorized movement of sensitive data—including intellectual property and controlled technical information—across endpoints, cloud platforms, email systems, and removable media. The ideal candidate combines investigative experience with strong technical expertise, leveraging enterprise security tools such as Splunk and DLP platforms to detect anomalous behavior and support complex investigations. This role also incorporates open-source intelligence (OSINT) to enrich investigations and strengthen risk identification. In addition to supporting investigations, the Intelligence Lead applies behavioral analytics and trend analysis to proactively identify insider threat indicators and deliver clear, actionable intelligence. What You Will Do:

Lead complex investigations involving data exfiltration, insider threat activity, and misuse of enterprise systems.
Validate and triage alerts from DLP, SIEM, and UEBA; reconstruct user activity and data movement to establish intent, scope, and impact .
Collect, preserve, and analyze digital evidence in support of investigations, ensuring chain-of-custody and legal defensibility.
Conduct forensic analysis of file transfers, user activity, and system artifacts.
Partner with Legal and HR to ensure investigations meet regulatory and evidentiary standards.
Leverage OSINT tools and techniques (e.g., link analysis, persona development, attribution) to identify external risk indicators and potential insider collusion.
Conduct proactive threat hunting to identify previously undetected insider risk activity.
Partner with Cybersecurity (SOC), HR, Legal, Compliance, and IT to coordinate investigative actions and response strategies.
Provide subject matter expertise on data exfiltration risks, investigative findings, and mitigation actions; support escalation and response for high-risk or sensitive incidents.
Produce clear, concise investigative reports and intelligence briefings for technical and non-technical audiences.
Translate complex technical findings into actionable recommendations, including risk mitigation, corrective actions, and control enhancements.
Support the evolution of the insider threat program through process improvements, tool optimization, and policy enhancements. Qualifications You Must Have:
Bachelor’s degree in Cybersecurity, Computer Science, Criminal Justice, Intelligence Studies, or related field (or equivalent experience) and minimum 8 years experience in cyber investigations, digital forensics, insider threat, intelligence analysis, or related fields; or An Advanced Degree in a related field and minimum 5 years experience.
Proven experience conducting data exfiltration or cyber-enabled investigations.
Proven ability to interview subjects, witnesses, and complainants and compiling investigative summaries, findings, and recommendations.
Experience handling digital evidence and maintaining chain-of-custody.
Strong analytical and critical thinking skills with the ability to connect disparate data points into a clear narrative.
Excellent written and verbal communication skills, including investigative reporting and executive briefings.
U.S. Citizenship and ability to obtain and maintain a Secret or Top-Secret security clearance. Qualifications We Prefer:
Experience with data loss prevention tools and forensic platforms.
Knowledge of classified environment operations, including associated security measures and protection of sensitive information.
Experience in insider threat or threat management programs.
Background in corporate investigations, counterintelligence, or cyber threat intelligence.
Hands-on experience with OSINT tools and methodologies, including link analysis and dark web research.
Proven ability to work in cross-functional environments with HR, Legal, Compliance, and Cyber teams.
Knowledge of data classification, IP protection, and export-controlled data environments. What Sets This Role Apart:
Direct mission impact protecting sensitive aerospace technologies and national security programs.
Access to advanced investigative tools, datasets, and enterprise-scale systems.
Unique blend of cyber investigations, insider threat, and intelligence analysis.
High visibility role that engages others to recognize and mitigate risk. Please ensure the role type defined below is appropriate for your needs before applying to this role. This position is classified as: Remote: Employees who are working in Remote roles will work primarily offsite (from home). If you live within a reasonable commute of an RTX site with other colleagues you interact with, your manager will discuss whether there is a degree of onsite presence associated with this role. As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote. The salary range for this role is 107,500 USD - 204,500 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans’ Readjustment Assistance Act. Privacy Policy and Terms: Click on this link to read the Policy and Terms