Senior Research Engineer, Threat Intelligence
Job description
TL;DR
Senior Research Engineer, Threat Intelligence (Python/TypeScript, STIX/TAXII): Building research-to-production pipelines that turn threat intel findings into detection content, distributed feeds, and customer-ready artifacts, with an emphasis on schema contracts, standards adoption, and production-grade automation. Focus on shipping threat intelligence platform components and detection logic (YARA/Sigma/STIX patterns) while engineering model-assisted research workflows with eval harnesses, retrieval grounded in internal corpora, and cost/latency-safe execution.
Location: Remote (Washington, DC)
Salary: $142,500 - $192,500 (base plus bonus)
Company
provides cybersecurity ratings used for continuous monitoring, third-party risk management, and cyber insurance underwriting.
What you will do
- Own the end-to-end path from research output to production-ready artifacts (detection rules, distributed feeds, scoring inputs, and customer alerts) with integration hooks and schemas prepared upfront.
- Build and extend STRIKE threat intelligence platform components across services and runtimes, including distribution servers, sandbox orchestration, OSINT ingestion, sharing endpoints, agent runtimes, and rules engines.
- Convert research into shipped detection content and signal production using YARA, Sigma, STIX patterns, behavioral indicators, and correlation pipelines over large-scale scan and attack-surface data.
- Drive STIX 2.1 adoption and TAXII 2.1 distribution, defining and governing schemas that remain stable for downstream teams.
- Engineer automation for research workflows (enrichment, correlation, feed normalization, sandbox triage) including retrieval grounded in internal corpora, schema-constrained outputs, and regression-catching eval harnesses.
- Coordinate cross-functionally to ensure research lands in product, and provide technical input for customer integrations and partner engagements when needed.
Requirements
- BS/MS in CS, Cybersecurity, or equivalent technical background.
- 5–8 years of hands-on experience in threat intelligence, security research, or detection engineering, including building production systems that consume or emit threat intel data.
- Production-level Python and TypeScript/Node; AWS (preferred), containers, CI/CD, relational/cache databases, and at least one streaming/batch data platform.
- Practical, hands-on familiarity with STIX 2.1, TAXII 2.1, MISP, and MITRE ATT&CK.
- Hands-on detection experience with YARA, Sigma, and STIX patterning; ability to analyze adversary infrastructure and write production-grade detection logic.
- Experience shipping production systems using language models (not just demos), including retrieval over a real corpus, schema validation, eval harnesses, and understanding model failure modes (recency, long-tail facts, numerical reasoning, adversarial input, prompt injection).
Culture & Benefits
- Competitive country-specific salary, stock options, health benefits, and unlimited PTO.
- Parental leave and tuition reimbursement.
- Annual performance-based incentive compensation and potential equity in addition to base salary.
- Equal Employment Opportunity commitment and diversity-focused hiring.
Hiring process
- Interviews focused on research-to-production engineering, threat intelligence/detection content, and production system design.
- Evaluation of practical experience with standards (STIX/TAXII), detection tooling (YARA/Sigma), and production ML workflow engineering.