Responsibilities
- Design and curate a structured, contextual knowledge base (e.g. threat actor profiles, TTPs, attack patterns) for our agents and internal threat hunters
- Measure and prove that your opinionated view of the threat landscape improves outcomes for our customers
- Be the authoritative voice on prioritization (e.g. Should we hunt this technique? Does this threat actor target our customers? Is this exploitable in their environments?)
- Cut through daily feeds and the headlines to identify what demands attention
- Leverage AI tooling to build the intelligence layer that helps customers answer: "what matters to me and why"
- Track active threat campaigns and adversary TTPs across endpoint, cloud, and IAM
- Conduct original research into threat actor TTPs, malware families, and emerging attack techniques across endpoint, cloud, and identity
- Analyze adversary infrastructure, tooling, and behavioral patterns to surface novel detection opportunities
- Translate threat intelligence into actionable hunt hypotheses and detection rules by mapping adversary behaviors to normalized telemetry
- Account for real-world telemetry constraints and visibility gaps
- Represent Nebulock externally through blog posts, conference talks, and published research
- Partner with threat hunters and detection engineers to inform priorities based on emerging threats relevant to customer environments
- Maintain a continuous feedback loop between what adversaries are doing in the wild and what we build in response
- Collaborate with product and engineering to drive the product roadmap
- Engage with customers to deliver threat briefings, analysis, and advisories tailored to their environments
- Determine which threat intelligence partnerships Nebulock should invest in (e.g. commercial CTI vendors, ISACs, OSINT communities)
Requirements
- 7+ years in threat intelligence or threat research with exposure across multiple industries
- Deep expertise in mapping threat actor TTPs to observable telemetry
- Strong understanding of adversary tradecraft across endpoint, cloud, and IAM
- Experience with, and enthusiasm for, using AI-assisted development tools to build lightweight tooling, automations, and prototypes
- Proven ability to prototype, iterate, and ultimately build your own tooling
- Demonstrated ability to distill complex topics into something actionable and understandable
- Active participation in threat intelligence sharing communities
Benefits
- Competitive salary + equity (early-stage startup with significant upside)
- Flexible remote work (US-based, hybrid option for Boston area)
- Autonomy to build the threat research function from scratch
- Low-ego and high-trust environment
Work Arrangement
Hybrid — Boston