We’ve expanded our partnership with Mandiant, now part of Google Cloud, to help our users operationalize and prioritize threat intelligence. READ THE PRESS RELEASE >

Threat Researcher

Job Date Posted:

About the Opening:

Are you looking for an active role in detecting and stopping advanced cyber threats across many customers at scale? Do you like tracking threat actors, understanding their tactics, techniques and procedures (TTPs), and finding new and creative ways to detect them from the breadcrumbs they leave behind? Are you a “pyramid of pain” master, with a passion for purple teaming? In this unique hands-on research role, you’ll follow the latest cyber threats and industry trends from open source and customer intelligence, replicate cyber attacks and add them to our threat library, and create high quality behavioral detections to defend our customers. You’ll have the opportunity to interact with the community and share your research through blog posts, videos, webinars, and speaking at industry conferences. This is a chance to think differently about cyber defense, use completely new tools and approaches, and develop the next generation of security detections. Let’s outsmart the adversary and change the security landscape for the better.

This position is fully remote from anywhere in the United States. Travel is not expected for this role. Due to the sensitive nature of the work and certain customers, U.S. citizenship is required. Salary, equity, and title (Junior, Mid, Senior) dependent on experience.


You will be responsible for:

  • Following the news on the latest threats, threat intelligence, and industry trends
  • Quickly understanding and replicating sophisticated threats and threat actor behaviors
  • Creating and maintaining lab infrastructure to emulate cyber attacks
  • Creating and tuning high-quality behavioral detections using SIEM and EDR data
  • Improving detection coverage across the MITRE ATT&CK framework and cyber kill chains
  • On a limited basis, responding to customer requests for information or providing consulting services to customers to help enable their use of SnapAttack


To be successful you will have:

  • Knowledge of threat hunting, red teaming, and threat intelligence and a passion for combining them
  • Experience working with EDRs, such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, and Microsoft Sysmon
  • Experience working with SIEMs, such as Splunk and Microsoft Sentinel
  • Experience with offensive security tools, such as Bloodhound, Cobalt Strike, and others on Kali Linux
  • Experience with scripting languages including PowerShell, Bash or Python
  • The ability to operate in a fast-paced startup environment and be autonomous when needed


An ideal candidate would:

  • Contribute to or maintain open source security tools
  • Have experience creating short, technical blog posts, videos, and webinars
  • Be active in the infosec community on platforms such as Twitter, Slack, and Discord
  • Previously have spoken at industry conferences (e.g., BSides, DEF CON, Blackhat, ShmooCon) or a desire to do so
  • Have past experience working in a Security Operations Center (SOC) environment


About SnapAttack:

SnapAttack is the enterprise-ready platform that helps security leaders answer their most pressing question: “Are we protected?”

Since 2021, SnapAttack has been hard at work, rapidly evolving the platform, enabling proactive threat hunting, removing barriers to detection-as-code, and advocating for purple teaming – all in one integrated platform. By rolling threat intelligence, adversary emulation, detection engineering, threat hunting, and purple teaming into a single, easy-to-use product with a no-code interface, SnapAttack enables you to get more from your technologies, more from your teams, and makes staying ahead of the threat not only possible – but also achievable.

We are a post Series A startup. We believe in sharing knowledge and empowering the community through data-driven decision making. Our employees have self-autonomy, strong opinions but weakly held, minimal egos, a passion for solving tough challenges, and a get shit done attitude. We offer competitive benefits to our staff so they can focus on their families and improving our customers’ security.

We’re an equal-opportunity employer that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to help our customers stay ahead of cyber threats.