Sr. Threat Researcher

Illumio, Sunnyvale, CA (Hybrid)

About The Position

Illumio is seeking a talented Senior Threat Researcher to join their Threat Research Team. This role will serve as a long-term subject matter expert (SME) for the Illumio Insights product team, focusing on providing ongoing guidance on threats, threat intelligence, attacker behaviors, and TTP mapping. The researcher will analyze large-scale security datasets, map adversary activity, identify detection gaps, and collaborate with product teams to enhance detection, data enrichment, and strategic direction. This position bridges threat research, detection engineering, and product innovation, aiming to improve how global organizations defend against advanced cyber threats.

Requirements

  • 5+ years of experience in threat research, incident response, detection engineering, or adversary emulation.
  • Strong understanding of attacker tradecraft across enterprise, cloud, and hybrid environments.
  • Deep familiarity with the MITRE ATT&CK framework and real-world TTP mapping.
  • Hands-on experience working with security telemetry sources.
  • Excellent written and verbal communication skills, with the ability to translate complex findings into clear, actionable insights.
  • Comfort working in ambiguous environments and helping define new functions.
  • Experience writing detection rules, analytics queries, or conducting threat hunting.

Nice To Haves

  • 7–10+ years in threat intelligence or security research roles.
  • Experience analyzing security graphs or graph-based analytics for threat detection.
  • Background in network segmentation, zero-trust architecture, or micro-segmentation.
  • Proven ability to influence product development in a fast-paced environment.
  • Previous experience at a cybersecurity product company.
  • Track record of publishing threat research or speaking at industry conferences.
  • Experience integrating external threat intelligence feeds.
  • Relevant certifications (e.g., GCIH, GCFA, or similar).

Responsibilities

  • Analyze large-scale security datasets to identify attacker behaviors, patterns, TTPs (Tactics, Techniques, and Procedures), and emerging risks.
  • Map observed behaviors to the MITRE ATT&CK framework and real-world adversary tradecraft.
  • Leverage the security graph to model attack paths and uncover opportunities to reduce the risk of lateral movement.
  • Identify gaps in detection coverage, data enrichment, and segmentation effectiveness.
  • Develop and validate hypotheses about evolving threats using research and intelligence sources.
  • Partner closely with Product and Engineering teams to translate research findings into concrete improvements:
      • Enhanced detection logic and analytics
      • Improved data tagging, enrichment, and graph quality
      • More actionable customer-facing risk insights
  • Recommend segmentation strategies and policy improvements to strengthen breach containment and limit lateral movement.
  • Contribute to internal threat models and risk frameworks that directly inform product roadmap decisions.
  • Provide expert guidance on emerging threats observable in our platform and their implications for customers.
  • Support product, sales, and customer-facing teams with research-backed insights and threat context.
  • Contribute to internal research, patents, and future external publications as the function matures.
  • Track global adversary evolution to help shape long-term detection and risk strategies.

Benefits

  • Illumio believes that an environment of unique backgrounds, experiences, viewpoints, and individual contributions creates a culture of belonging, drives our future, and makes us stronger together in support of our customers and their success.