CHECK OUT OUR NEW EBOOK: Streamlining the Threat Detection Development Lifecycle with SnapAttack >>


Director of Threat Research

Job Date Posted:

Email or click the button to apply.

What to submit:

1) Subject Line: Role + Your Name 

2) Resume

3) Introduction about yourself

4) LinkedIn profile OR portfolio

5) Cover letter (optional)

About the Opening:

Are you looking for an active role in detecting and stopping advanced cyber threats across many customers at scale? Do you like tracking threat actors, understanding their tactics, techniques and procedures (TTPs), and finding new and creative ways to detect them from the breadcrumbs they leave behind? Are you a “pyramid of pain” master, with a passion for purple teaming? In this unique hands-on research role, you’ll follow the latest cyber threats and industry trends from open source and customer intelligence, replicate cyber attacks and add them to our threat library, and create high quality behavioral detections to defend our customers. You’ll have the opportunity to interact with the community and share your research through blog posts, videos, webinars, and speaking at industry conferences. This is a chance to think differently about cyber defense, use completely new tools and approaches, and develop the next generation of security detections. Let’s outsmart the adversary and change the security landscape for the better.

This is a director level role at a startup. 75% of the time will be spent as a hands-on individual contributor performing threat research. The other 25% will be spent prioritizing the research backlog, tracking and measuring team progress, and mentoring other researchers. You will have the ability to grow and shape your team from the ground up.

This position is fully remote from anywhere in the United States. Travel is not expected for this role. Due to the sensitive nature of the work and certain customers, U.S. citizenship is required. Salary and equity dependent on experience.


You will be responsible for:

  • Participating in interviews and growing the research team; managing and providing feedback and mentoring to direct reports
  • Creating and measuring KPIs to determine the effectiveness of the research program around the quality, volume, and timeliness of new security content
  • Measuring the health and quality of all content in the platform, including updating or tuning existing content as needed
  • Prioritizing the research backlog managing the workload across the team
  • Following the news on the latest threats, threat intelligence, and industry trends
  • Quickly understanding and replicating sophisticated threats and threat actor behaviors
  • Creating and maintaining lab infrastructure to emulate cyber attacks
  • Creating and tuning high-quality behavioral detections using SIEM and EDR data
  • Improving detection coverage across the MITRE ATT&CK framework and cyber kill chains
  • On a limited basis, responding to customer requests for information or providing consulting services to customers to help enable their use of SnapAttack


To be successful you will have:

  • Proven leadership abilities and the desire to grow and manage a team from the ground up
  • The ability to operate in a fast-paced startup environment and be autonomous when needed
  • Knowledge of threat hunting, red teaming, and threat intelligence and a passion for combining them
  • Experience working with EDRs, such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, and Microsoft Sysmon
  • Experience working with SIEMs, such as Splunk and Microsoft Sentinel
  • Experience with offensive security tools, such as Bloodhound, Cobalt Strike, and others on Kali Linux
  • Experience with scripting languages including PowerShell, Bash or Python


An ideal candidate would:

  • Contribute to or maintain open source security tools
  • Have experience creating short, technical blog posts, videos, and webinars
  • Be active in the infosec community on platforms such as Twitter, Slack, and Discord
  • Previously have spoken at industry conferences (e.g., BSides, DEF CON, Blackhat, ShmooCon) or a desire to do so
  • Have past experience working in a Security Operations Center (SOC) environment


About SnapAttack:

SnapAttack is the enterprise-ready platform that helps security leaders answer their most pressing question: “Are we protected?”

Since 2021, SnapAttack has been hard at work, rapidly evolving the platform, enabling proactive threat hunting, removing barriers to detection-as-code, and advocating for purple teaming – all in one integrated platform. By rolling threat intelligence, adversary emulation, detection engineering, threat hunting, and purple teaming into a single, easy-to-use product with a no-code interface, SnapAttack enables you to get more from your technologies, more from your teams, and makes staying ahead of the threat not only possible – but also achievable.

We are a post Series A startup. We believe in sharing knowledge and empowering the community through data-driven decision making. Our employees have self-autonomy, strong opinions but weakly held, minimal egos, a passion for solving tough challenges, and a get shit done attitude. We offer competitive benefits to our staff so they can focus on their families and improving our customers’ security.

We’re an equal-opportunity employer that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to help our customers stay ahead of cyber threats.