Company hidden
2 days ago

Senior Research Engineer, Threat Intelligence

142 500 - 192 500$
Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
US/Canada

Job description

TL;DR

Senior Research Engineer, Threat Intelligence (Python/TypeScript, STIX/TAXII): Building research-to-production pipelines that turn threat intel findings into detection content, distributed feeds, and customer-ready artifacts, with an emphasis on schema contracts, standards adoption, and production-grade automation. Focus on shipping threat intelligence platform components and detection logic (YARA/Sigma/STIX patterns) while engineering model-assisted research workflows with eval harnesses, retrieval grounded in internal corpora, and cost/latency-safe execution.

Location: Remote (Washington, DC)

Salary: $142,500 - $192,500 (base plus bonus)

Company

hirify.global provides cybersecurity ratings used for continuous monitoring, third-party risk management, and cyber insurance underwriting.

What you will do

  • Own the end-to-end path from research output to production-ready artifacts (detection rules, distributed feeds, scoring inputs, and customer alerts) with integration hooks and schemas prepared upfront.
  • Build and extend STRIKE threat intelligence platform components across services and runtimes, including distribution servers, sandbox orchestration, OSINT ingestion, sharing endpoints, agent runtimes, and rules engines.
  • Convert research into shipped detection content and signal production using YARA, Sigma, STIX patterns, behavioral indicators, and correlation pipelines over large-scale scan and attack-surface data.
  • Drive STIX 2.1 adoption and TAXII 2.1 distribution, defining and governing schemas that remain stable for downstream teams.
  • Engineer automation for research workflows (enrichment, correlation, feed normalization, sandbox triage) including retrieval grounded in internal corpora, schema-constrained outputs, and regression-catching eval harnesses.
  • Coordinate cross-functionally to ensure research lands in product, and provide technical input for customer integrations and partner engagements when needed.

Requirements

  • BS/MS in CS, Cybersecurity, or equivalent technical background.
  • 5–8 years hands-on experience in threat intelligence, security research, or detection engineering, including building production systems that consume or emit threat intel data.
  • Production-level Python and TypeScript/Node; AWS (preferred), containers, CI/CD, relational/cache databases, and at least one streaming/batch data platform.
  • Practical ability to compose STIX 2.1, TAXII 2.1, MISP, and MITRE ATT&CK.
  • Hands-on detections experience with YARA, Sigma, and STIX patterning; ability to parse adversary infrastructure and write production-grade detection logic.
  • Experience shipping production systems using language models (not just demos), including retrieval over a real corpus, schema validation, eval harnesses, and understanding model failure modes (recency, long-tail facts, numerical reasoning, adversarial input, prompt injection).

Culture & Benefits

  • Competitive country-specific salary, stock options, health benefits, and unlimited PTO.
  • Parental leave and tuition reimbursement.
  • Annual performance-based incentive compensation and potential equity in addition to base salary.
  • Equal Employment Opportunity commitment and diversity-focused hiring.

Hiring process

  • Interviews focused on research-to-production engineering, threat intelligence/detection content, and production system design.
  • Evaluation of practical experience with standards (STIX/TAXII), detection tooling (YARA/Sigma), and production ML workflow engineering.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support.