What you will do
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.
Requirements:
Demonstrable experience in cyber threat research, threat intelligence, or detection engineering (commercial, government, or high-quality independent research).
Strong understanding of offensive techniques and how they appear in endpoint, identity, or SaaS/browser telemetry-not only classic PE malware.
Proficiency in scripting for analysis (e.g., Python), SQL, SIEM or equivalent investigative query languages, and low-level inspection of behaviors relevant to threat research and detection.
Excellent written communication; ability to explain tradeoffs between precision, coverage, and operational load.
Collaborative mindset; experience working with engineering teams on shipped features or detections.
Demonstrable experience in cyber threat research, threat intelligence, or detection engineering (commercial, government, or high-quality independent research).
Strong understanding of offensive techniques and how they appear in endpoint, identity, or SaaS/browser telemetry-not only classic PE malware.
Proficiency in scripting for analysis (e.g., Python), SQL, SIEM or equivalent investigative query languages, and low-level inspection of behaviors relevant to threat research and detection.
Excellent written communication; ability to explain tradeoffs between precision, coverage, and operational load.
Collaborative mindset; experience working with engineering teams on shipped features or detections.
This position is open to all candidates.
