Head of Threat Research

Nebulock

11d•Hybrid

About The Position

Nebulock is an agentic threat hunting platform that autonomously surfaces behaviors, not just IOCs, from various data sources. Nebulock acts like a teammate: a 24/7 AI threat hunter that investigates hypotheses, reasons through telemetry, and learns from an environment. Today, threat hunting is broken. Security teams spend weeks chasing alerts, writing detections by hand, and manually validating findings often just to confirm what their existing tools already flagged. Meanwhile, attackers exploit credentials, move laterally, and operate in silence. Nebulock flips the model. We continuously and autonomously hunt across endpoint, identity, and cloud telemetry identifying the subtle behavioral signals that point to credential misuse, lateral movement, insider threats, and post-access activity. Then we turn those hunts into hardened, behavior-based detections automatically. We're hiring a Head of Threat Research to build the system that determines what actually matters for each specific customer. Your research, opinions, and the tooling you build will help determine what both our threat hunting agents and our internal threat hunters and detection engineers choose to prioritize. You will be the authoritative voice on what actually deserves attention versus what is noise. This role is ideal for someone who wants to build and redesign the threat research function in the age of agentic AI. While you are not expected to ship customer-facing production quality code, you must be excited to experiment and prototype in order to unblock yourself and inform what Software Engineering should build.

Requirements

7+ years in threat intelligence or threat research with exposure across multiple industries
Deep expertise in mapping threat actor TTPs to observable telemetry
Strong understanding of adversary tradecraft across endpoint, cloud, and IAM
Experience and excitement about using AI-assisted development tools to build lightweight tooling, automations, and prototypes
Proven ability to prototype, iterate, and ultimately build your own tooling
Demonstrated ability to distill complex topics into something actionable and understandable
Active participation in threat intelligence sharing communities

Responsibilities

Design and curate a structured and contextual knowledge base (i.e. threat actor profiles, TTPs, attack patterns etc.) for our agents and internal threat hunters
Measure and prove that your opinionated view of the threat landscape improves outcomes for our customers
Be the authoritative voice on prioritization (i.e. Should we hunt this technique? Does this threat actor target our customers? Is this exploitable in their environments? etc.)
Cut through daily feeds and the headlines to identify what demands attention
Leverage AI tooling to build the intelligence layer that helps customers answer: "what matters to me and why"
Track active threat campaigns and adversary TTPs across endpoint, cloud, and IAM
Conduct original research into threat actor TTPs, malware families, and emerging attack techniques across endpoint, cloud, and identity
Analyze adversary infrastructure, tooling, and behavioral patterns to surface novel detection opportunities
Translate threat intelligence into actionable hunt hypotheses and detection rules by mapping adversary behaviors to normalized telemetry
Account for real-world telemetry constraints and visibility gaps
Represent Nebulock externally via blog posts, conference talks, published research etc.
Partner with threat hunters and detection engineers to inform priorities based on emerging threats relevant to customer environments
Maintain a continuous feedback loop between what adversaries are doing in the wild and what we build in response
Collaborate with product + engineering to drive the product roadmap
Engage with customers to deliver threat briefings, analysis, and advisories tailored to their environments
Determine which threat intelligence partnerships Nebulock should invest in (commercial CTI vendors, ISACs, OSINT communities etc.)