Threat Intelligence Researcher

SecurityScorecard

14h

About The Position

You'll be joining SecurityScorecard's threat research team as its intelligence-focused practitioner, working alongside deep technical researchers to produce timely, actionable intelligence for customers, partners, and internal stakeholders. Where the Threat Researcher role is anchored in technical analysis, this role sits at the intersection of research and communication — you'll be tracking threat actors and their infrastructure, producing intelligence reports, and translating complex findings into clear, credible content for a range of audiences. Marketing is currently one of the team's primary stakeholders, and you'll work closely with them on research-driven content and campaigns — but the team's ambition is to become a resource for every division in the company, and you'll be part of building that reputation. Customer briefings, coordinated threat actor takedowns, and participation in industry events are all part of the mandate. Strong written and spoken English is essential, as is the ability to represent the team's work credibly in external settings. This is a role for someone who combines analytical depth with the communication skills to make that work land.

Requirements

Bachelor's or Master's in Computer Science, Cybersecurity, or a highly technical equivalent.
3–5 years in a hands-on threat intelligence research role within a prominent industry organization, military, law enforcement, or government.
Familiarity with prominent threat actors, APTs, emerging threat vectors, and the wider threat landscape.
Proficiency with large dataset querying and dashboard design using Splunk, SQL, or similar platforms.
A hacker's curiosity — the ability to look at a data point and see the hidden pattern.
Strong written and spoken English.

Nice To Haves

Experience with open source and commercial attack surface, malware analysis, and network intelligence tools and platforms.
Native-level reading and writing proficiency in Russian, Mandarin, Korean, or Farsi.

Responsibilities

Identify, track, and analyze advanced persistent threats (APTs), their TTPs, and their live infrastructure to gain insights into attack vectors, victimology, and attack scale.
Produce timely and actionable intelligence reports for customers, press, and partners.
Participate in customer briefings, incident mitigation, and coordinated threat actor (TA) takedowns.
Develop and maintain high-fidelity detection signatures (YARA, Snort, Sigma) to protect customers.
Query massive datasets (using SQL, Python, or Splunk) to identify anomalies and map out adversary infrastructure.
Build workbooks, dashboards, and develop methodologies to improve detections.
Design and leverage AI and LLM automations to support your analysis workload.