Threat Hunter

Nebulock

5d•Remote

About The Position

Nebulock is an agentic threat hunting platform that autonomously surfaces behaviors, not just IOCs, from various data sources. Nebulock acts like a teammate: a 24/7 AI threat hunter that investigates hypotheses, reasons through telemetry, and learns from an environment. Today, threat hunting is broken. Security teams spend weeks chasing alerts, writing detections by hand, and manually validating findings often just to confirm what their existing tools already flagged. Meanwhile, attackers exploit credentials, move laterally, and operate in silence. Nebulock flips the model. We continuously and autonomously hunt across endpoint, identity, and cloud telemetry. We identify the subtle behavioral signals that point to credential misuse, lateral movement, insider threats, and post-access activity. Then we turn those hunts into hardened, behavior-based detections automatically. Nebulock has an established threat hunting function and we're growing the team. You'll be a hands-on hunter and detection contributor, working directly with our Head of Threat Hunting to execute structured hunts, validate detections, and help translate what you find in the wild into product input. You won't own methodology top-down on day one, but you'll have a direct line into shaping it as you grow into the role. Half your time is heads-down hunting across EDR, cloud, SIEM, and identity telemetry, working with design partners and stress-testing findings against real environments. The other half is partnering with detection engineering to pressure-test detection logic, validate AI-assisted workflows, and help translate hunting tradecraft into product priorities.

Requirements

3-5 years in threat hunting, detection engineering, or incident response, with real hands-on depth in at least one of EDR, cloud, SIEM, or identity telemetry
Solid intuition for adversary behavior: you think in TTPs, not just indicators
Some experience developing or improving detection logic, not just consuming it
Comfortable operating with limited process and some ambiguity
Can communicate findings clearly to technical peers and, when needed, to customers

Nice To Haves

Exposure to AI/ML-assisted detection workflows
Background working with or building security products
You've contributed to a hunting program beyond just executing hunts

Responsibilities

Execute structured hunts across endpoint, identity, and log telemetry: post-compromise behaviors, lateral movement, insider threat patterns
Develop and refine hunt hypotheses based on threat intel, telemetry gaps, and field findings
Contribute to Nebulock's hunting methodology and help build repeatable, productizable detection logic
Engage with design partners to tune detections, validate findings, and surface product-relevant insights
Work with the detection engineering team to review and improve detection coverage
Validate and iterate on AI-assisted detection workflows and know when the model is wrong
Prototype new hunting approaches and contribute to decisions about what's worth building into the product
Translate hunt findings into structured logic, data requirements, and feature input

Benefits

Competitive salary and performance-based bonuses.
Flexible PTO and a remote work environment built on trust.
Comprehensive health, dental, and vision insurance.
A collaborative, agile culture that values transparency, cross-departmental teamwork, and continuous learning.
The opportunity to be a foundational member of the CS team, shaping how we support and protect our clients.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume