Staff Threat Research Engineer

About The Position

Requirements

• 12+ years of cybersecurity experience that includes a mix of: Senior/Principal SOC analyst, threat hunter, or purple team practitioner
• Incident responder or detection engineer roles
• Demonstrated ability to progress threat research into actionable detections and incident response outcomes.
• Experience conducting original or self‑directed threat research that resulted in novel findings — for example, malware or infrastructure analysis, honeypot operations, or similar investigative work leading to actionable insights.
• Broad knowledge of multiple technology stacks and a strong curiosity to learn new platforms.
• Deep experience with multiple major public clouds (AWS, Azure, or GCP), and familiarity with analyzing cloud‑native logs and telemetry.
• Understanding of emerging attack techniques targeting AI infrastructure and machine learning pipelines (e.g., data poisoning, model theft, or prompt injection), and familiarity with frameworks such as MITRE ATLAS.
• Proven history of thought leadership through blogs, LinkedIn articles, or conference presentations.
• Background in the cybersecurity vendor space, with experience providing expert feedback to product and engineering teams.

Nice To Haves

• Prior experience in customer-facing technical roles (consulting, remote support, or advisory).
• Hands‑on familiarity with offensive security tools (Atomic Red Team, Sliver, Cobalt Strike, etc.).
• Scripting or automation capability (Python, PowerShell, etc.).
• Experience with Security Orchestration, Automation, and Response (SOAR) technology.
• Recognized presence or active participation in the security community (e.g., X/Twitter, conferences, open source).
• Experience applying AI or machine learning techniques to improve operational efficiency and automation across the detection rule development lifecycle — from research and validation to deployment and tuning.

Responsibilities

• Research, develop, and test threat detection logic in a lab environment, validating against real‑world attacker behaviors and ensuring technical alignment with Sumo Logic SIEM capabilities.
• Conduct original threat research, such as analyzing malware, tracking infrastructure, or experimenting with honeypots, and translate findings into detection opportunities.
• Investigate industry and adversary trends to identify emerging detection opportunities.
• Collaborate with product management and fellow Threat Labs engineers to scope and prioritize detection campaigns.
• Maintain and expand Threat Labs’ research lab infrastructure.
• Provide practitioner feedback to engineering and product management to inform feature design and roadmap decisions.
• Contribute to the security community through blogs, conference talks, open source projects, and public research contributions.