Principal Cyber Investigator

10a Labs' Investigations Team is looking for a Principal Cyber Investigator to lead day-to-day operations and oversee quality across a cyber investigations team. This role requires senior cybersecurity expertise combined with the operational and leadership experience to manage a high-performing team, interface directly with client stakeholders, and set the standard for investigative and labeling output quality and consistency.

• Oversee day-to-day operations of the cyber investigations team, ensuring investigations are completed accurately, efficiently, and in accordance with outlined requirements and rubrics 
• Serve as the senior technical authority on complex and escalated cases, making final determinations on real-world harm potential and offensive uplift 
• Monitor and maintain quality metrics across the team, identifying gaps and implementing improvements to investigative processes and detection pipelines
• Interface directly with client stakeholders to communicate findings, surface emerging trends, and align on evolving policy and operational priorities
• Mentor and develop senior and junior investigators, providing guidance on technically demanding and ambiguous cases
• Lead threat actor analysis, synthesizing findings across cases to inform broader detection and mitigation strategies
• Query internal data sources via DQL and programmatically, and cross-reference open-source information (OSINT) to support investigations and validate team output
• Respond to critical escalations and on-call leads, including those not caught by existing safety systems

• At least 9+ years of experience in cybersecurity, threat intelligence, Trust & Safety, national security, defense, intelligence, or law enforcement domains 
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience 
• Demonstrated experience leading or managing investigative teams, including oversight of quality, output, and team development
• Deep subject-matter expertise in one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations
• Familiarity with LLM systems and how AI technology can be misused for cyber operations
• Proven ability to serve as a final technical authority on complex cases, with a track record of sound judgment on harm potential and offensive uplift
• Strong SQL, Python, and other data language proficiency for querying data, supporting detection workflows, and validating investigative output
• Exceptional written and verbal communication skills, with experience presenting findings to senior stakeholders
• Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment
• Ability to clear an insider-threat background check

• Experience working directly with or within frontier AI labs, large technology platforms, or Trust & Safety organizations
• Experience with threat intelligence frameworks such as MITRE ATT&CK
• Background in dark web monitoring, OSINT, or cross-platform threat analysis
• Experience building or scaling detection and mitigation pipelines
• Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish
• Active security clearance (Secret or above)
• Relevant certifications such as OSCP, GREM, or GCTI