Principal Threat Researcher

About The Position

Requirements

• 10+ years across the fields of cybersecurity, threat research, intelligence analysis, or advanced threat detection roles.
• Significant experience tracking nation-state APTs, major cybercrime organizations, and/or malware campaigns.
• Demonstrated DNS-based investigation experience, to include botnets.
• Proficiency with professional threat hunting tools and OSINT tradecraft.
• Strong scripting ability (Python preferred) to automate research workflows.
• Experience documenting analytical reasoning and confidence levels with technical data and outcomes.
• Ability to work hours overlapping with ET hours
• Must be eligible to work in the region of hire without sponsorship from an employer now and/or in the future

Nice To Haves

• Malware analysis experience (static or dynamic), AWS or other major cloud provider experience, and/or niche threat hunting experience.
• Examples of completed, hands-on investigations that have led to materially relevant security outcomes.
• Statistical analysis or data science experience (academic or otherwise).
• Experience producing public threat reports and/or speaking at security conferences.
• Familiarity with the entire threat intelligence lifecycle and utilizing structured, rigorous analytic techniques to follow it end-to-end.

Responsibilities

• Campaign & Infrastructure Clustering
• Identify, categorize, and track malicious campaigns.
• Own cluster-related infrastructure, building novel, high-fidelity clustering methods.
• Continuously refine fingerprints and tradecraft as adversaries shift TTPs.
• Hypothesis-Driven Research
• Develop and validate logical assumptions about operator behavior using your expertise and large data sets, converting them into actionable intelligence.
• Maintain consistent, reproducible documentation.
• Professional Tooling & Tradecraft
• Demonstrate experience using professional-grade threat hunting/intelligence tooling, network telemetry, and OSINT.
• Comfortably carry an investigation from start to finish, drafting an explainable narrative while cataloguing the evidence necessary to support each piece.
• From Research to Production
• Translate research findings into durable detection rules (logic, tags, scores), predictive real-time intelligence feeds, and impactful intelligence outcomes. Partner with ML/AI engineers to operationalize patterns.
• Publication & Impact
• Produce high-confidence reports for internal and external consumers.
• Contribute to public security community narratives (talks, webinars).
• Maintain high standards for professionalism and technical know-how in communications.
• Travel
• Present at tradeshows and industry events 2-5 times a year.

Benefits

• Pathway to promotion to additional organizational positions and responsibilities based upon results and performance, not just time in the chair. You help us grow, and we will help you grow.
• Passionate and intelligent colleagues who work hard and have a good time doing it
• Paid company-wide week off at the end of each year
• Flexible Vacation Policy
• Awesome company swag
• Full medical, dental, and vision benefits for US, UK, and Canada-based employees
• Full short-term disability and life benefits; available long-term disability
• Retirement savings account options with vested company matching for qualifying employees
• In-person annual gatherings. Last time we all spent a week on a beach in the Dominican Republic!