Director, Threat Hunting

DNSFilter is revolutionizing network security by providing fast, accurate, and reliable threat protection and content filtering. We're a rapidly growing company dedicated to creating a safer internet for businesses and organizations worldwide. Leveraging AI-driven threat intelligence, DNSFilter empowers our customers to proactively block threats before they impact their networks. We foster a collaborative, innovative, and results-oriented culture where every team member contributes to our mission of making the internet safer.

As we continue our product-fueled growth by adding new features and broadening our solution to meet the needs of the global market, it's clear there's a missing piece. That's where you come in! 

We are seeking a Director of Threat Hunting to lead our Threat Intelligence function. This deeply technical "player-coach" will be responsible for tracking adversaries, delivering actionable intelligence to shape our product, and protecting our customers. The ideal candidate is passionate about rolling up their sleeves to conduct deep-dive analysis, strategy, team leadership, and has built and guided intelligence and hunting capabilities as they mature.
This is a full-time role open to candidates in the United States and Canada.

We recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If you feel like this job is for you, please apply. We believe diversity of experience and skills, including transferable skills, combined with passion, is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply to our positions! 

• Lead from the front by actively engaging in hands-on threat hunting across DNSFilter's vast DNS telemetry and cloud environments to detect, investigate, and disrupt adversary activity, serving as a senior individual contributor while building and mentoring a high-performing threat intelligence team.
• Architect and establish initial intelligence workflows by designing and implementing the foundational processes and practices for the threat intelligence function, demonstrating the ability to build from the ground up before scaling the team and its capabilities.
• Translate real-world investigations and Indicators of Compromise (IOCs) into an actionable product strategy and roadmap for new features.
• Collaborate with DNSFilter’s internal IT and Security teams to pilot and establish company-wide investigation workflows and best practices.
• Partner closely with Product Management to define the vision and shape the evolution of DNSFilter’s threat intelligence and digital forensics capabilities.
• Share your expertise by establishing the standards for clear reports and playbooks, while providing direct mentorship and career development as the team grows.

• 10+ years of professional experience in threat intelligence and analysis, with a history of proactively seeking out novel threats and vulnerabilities, and publicly accessible published material available for review.
• Proven ability to operate as a hands-on individual contributor with demonstrated experience in directly analyzing DNS data and webpage captures, mapping network infrastructure, identifying threats, and developing intelligence, with a clear track record of building and scaling threat intelligence functions from an initial stage.
• Strong leadership in establishing new initiatives with experience in leading the charge from zero, including defining initial workflows and processes for a threat intelligence program, and then successfully scaling the function as it matures.
• At least 3 years of experience managing or leading a technical team.
• Strong scripting ability (Python) and experience with data analysis libraries such as pandas
• Experience with reverse engineering tools (IDA Pro, Ghidra, or similar)
• Proven experience turning investigative insights into product improvements, shaping repeatable, scalable workflows, and contributing to the overall security posture through advanced threat intelligence and detection strategies.
• Excellent communication skills — comfortable collaborating with and presenting to cross-functional technical and executive teams.
• Experience in analytics on big data (Petabytes) using AWS Athena queries.
• Ability to work hours mostly overlapping with ET hours.
• Must be eligible to work in the region of hire without sponsorship from an employer now and in the future.

• Strong experience building and scaling an intelligence function at a security SaaS vendor or MSP/MSSP.
• Experience leading threat intelligence within digital forensics or incident response engagements.
• Advanced experience in detection and response in SaaS and multi-cloud environments 
• Strong experience in architecting the use of automation or AI-assisted tools to accelerate investigations.
• Experience with malware analysis for the Windows platform using reverse engineering tools.
• Open source project(s) available for review on Github related to malware analysis and/or DNS-related data analysis.
• Experience working directly with enterprise or MSP customers during high-stakes investigations or advisory engagements.
• Deep expertise in applying frameworks like MITRE ATT&CK, Cyber Kill Chain, and D3FEND to drive detection strategy.
• Ability to think like the adversary—modeling attacker infrastructure and TTPs to improve detection strategies.
• A proven track record of guiding and developing senior analysts and leading initiatives in developing advanced threat hunting skills for complex investigations.
• Significant recognition within the security community (e.g., influential published research, conference talks, key open-source contributions, or certifications like GCTI, GCIA, OSCP).

• Pathway to promotion to additional organizational positions and responsibilities based upon results and performance, not just time in the chair.
• You help us grow, and we will help you grow.
• Passionate and intelligent colleagues who work hard and have a good time doing it.
• Paid company-wide week off at the end of each year.
• Flexible Vacation Policy.
• Awesome company swag.
• Full medical, dental, and vision benefits for US, UK, and Canada-based employees.
• Full short-term disability and life benefits; available long-term disability.
• Retirement savings account options with vested company matching for qualifying employees.
• In-person annual gatherings. Last time we all spent a week on a beach in Cancun!

DNSFilter is a pay-for-performance organization, which means there is an opportunity to advance your compensation based on performance over time. The hiring base pay is dependent on several factors, including level, function, training, transferable skills, work experience, business needs, and geographic location. As a hybrid company, our compensation reflects the cost of labor across several U.S. and global geographic markets. We pay differently based on those defined markets. Our Talent Team can share more about the specific salary range for the job location during the hiring process.

DNSFilter participates in the E-Verify program.

At DNSFilter, we utilize sophisticated software and tools to identify and eliminate Deepfake candidates. This approach helps us maintain the integrity of our hiring process, ensuring that we select the most qualified and genuine individuals to join our team.