Threat Researcher

SecurityScorecard

About The Position

As a Threat Researcher at SecurityScorecard, you will be responsible for producing original intelligence that feeds the company's platform, drives demand generation, and establishes SSC as a credible voice in cybersecurity research. Your work will be featured in reports, briefings, and data that support commercial expansion, reaching customers, media, and the broader security community. The role requires extensive experience in tracking adversaries, monitoring underground forums, mapping infrastructure, and generating actionable intelligence, with the ability to articulate complex technical findings to non-technical audiences.

Requirements

  • 3-6 years of hands-on threat intelligence experience at a commercial vendor, financial institution, or intelligence-community organization with commercial output requirements.
  • Proven written output: you have published research, written reports, or produced briefings that non-technical readers could act on. Work samples are required.
  • Software engineering baseline: you write Python as a standard part of your research workflow for automation, data collection, API querying, and pipeline building.
  • Deploy AI and LLM tooling as a daily force multiplier, not a novelty.
  • Proactive hunter mentality: you identify signals before they surface publicly. You have a process, not just a reactive monitoring habit.
  • Clear communication and synthesis: you write with precision and brevity.
  • Customer-facing capability: you can present research at an event, get on a webinar, and hold a room.
  • Bachelor's degree in Cybersecurity, Computer Science, Journalism, Political Science, or equivalent. Demonstrated output accepted in lieu of a formal degree.

Nice To Haves

  • Background from a pure-play commercial TI vendor: Flashpoint, Recorded Future, Mandiant, CrowdStrike, Palo Alto Unit 42, Proofpoint, ZeroFox, Intel 471, Cybersixgill.
  • Financial services threat intelligence background: JPMorgan, Citigroup, Goldman Sachs, or equivalent TI teams where output is commercially oriented.
  • Published research, CVEs, conference presentations (Black Hat, DEF CON, RSA), or a recognized GitHub or blog presence.
  • Experience with DriftNet, Shodan, VirusTotal Intelligence, MISP, or comparable data platforms.
  • Detection engineering: YARA, Sigma, or Snort signature development.
  • Familiarity with large-scale data pipelines or streaming platforms (Kafka, Splunk, or equivalent).
  • Prior experience producing content that supported marketing, demand generation, or customer-facing commercial goals.

Responsibilities

  • Produce finished threat intelligence: monthly and quarterly research reports, blog posts, and executive briefings that translate complex technical findings into content that non-technical buyers can act on.
  • Hunt threats proactively: track adversary TTPs, monitor dark web and underground forums, map infrastructure, and identify signals before they become public.
  • Deploy AI-assisted workflows: use LLMs and automation tooling to accelerate your research pipeline, improve synthesis quality, and increase output velocity.
  • Write automation code: build Python scripts and pipelines for data collection, API querying, signal extraction, and detection logic.
  • Leverage data extraction tools to pull intelligence from SSC's proprietary data platform, producing insights that marketing can self-serve on and that inform customer-facing content.
  • Present and evangelize: get on webinars, show up at customer events, and explain what the data means to a CISO, an insurance buyer, or a CFO.
  • Collaborate with the marketing team to align research output with content calendar, customer event needs, and demand generation goals.
  • Contribute to SSC's published research presence: blog posts, reports, and media briefings that build brand and drive inbound pipeline.

Benefits

  • Competitive salary
  • Stock options
  • Health benefits
  • Unlimited PTO
  • Parental leave
  • Tuition reimbursements