Lead Threat Researcher

Nebulock is an agentic threat hunting platform that autonomously surfaces behaviors, not just IOCs, from various data sources. Nebulock acts like a teammate: a 24/7 AI threat hunter that investigates hypotheses, reasons through telemetry, and learns from an environment. Today, threat hunting is broken. Security teams spend weeks chasing alerts, writing detections by hand, and manually validating findings often just to confirm what their existing tools already flagged. Meanwhile, attackers exploit credentials, move laterally, and operate in silence. Nebulock flips the model. We continuously and autonomously hunt across endpoint, identity, and cloud telemetry identifying the subtle behavioral signals that point to credential misuse, lateral movement, insider threats, and post-access activity. Then we turn those hunts into hardened, behavior-based detections automatically.

We're hiring a Head of Threat Research to build the system that determines what actually matters for each specific customer. Your research, opinions, and the tooling you build will help determine what both our threat hunting agents and our internal threat hunters and detection engineers choose to prioritize. You will be the authoritative voice on what actually deserves attention versus what is noise. This role is ideal for someone who wants to build and redesign the threat research function in the age of agentic AI. While you are not expected to ship customer-facing production quality code, you must be excited to experiment and prototype in order to unblock yourself and inform what Software Engineering should build.

Set the Standard for Threat Research in the Age of Agentic AI

• Design and curate a structured and contextual knowledge base (i.e. threat actor profiles, TTPs, attack patterns etc.) for our agents and internal threat hunters

• Measure and prove that your opinionated view of the threat landscape improves outcomes for our customers

• Be the authoritative voice on prioritization (i.e. Should we hunt this technique? Does this threat actor target our customers? Is this exploitable in their environments? etc.)

• Cut through daily feeds and the headlines to identify what demands attention

• Leverage AI tooling to build the intelligence layer that helps customers answer: "what matters to me and why"

Conduct and Share Original Threat Research

• Track active threat campaigns and adversary TTPs across endpoint, cloud, and IAM

• Conduct original research into threat actor TTPs, malware families, and emerging attack techniques across endpoint, cloud, and identity

• Analyze adversary infrastructure, tooling, and behavioral patterns to surface novel detection opportunities

• Translate threat intelligence into actionable hunt hypotheses and detection rules by mapping adversary behaviors to normalized telemetry

• Account for real-world telemetry constraints and visibility gaps

• Represent Nebulock externally via blog posts, conference talks, published research etc.

Drive Strategy and Cross-Functional Impact

• Partner with threat hunters and detection engineers to inform priorities based on emerging threats relevant to customer environments

• Maintain a continuous feedback loop between what adversaries are doing in the wild and what we build in response

• Collaborate with product + engineering to drive the product roadmap

• Engage with customers to deliver threat briefings, analysis, and advisories tailored to their environments

• Determine which threat intelligence partnerships Nebulock should invest in (commercial CTI vendors, ISACs, OSINT communities etc.)

• 7+ years in threat intelligence or threat research with exposure across multiple industries

• Deep expertise in mapping threat actor TTPs to observable telemetry

• Strong understanding of adversary tradecraft across endpoint, cloud, and IAM

• Experience and excitement about using AI-assisted development tools to build lightweight tooling, automations, and prototypes

• Proven ability to prototype, iterate, and ultimately build your own tooling

• Demonstrated ability to distill complex topics into something actionable and understandable

• Active participation in threat intelligence sharing communities

• Competitive salary + equity (early-stage startup with significant upside)

• Flexible remote work (US-based, hybrid option for Boston area)

• Autonomy to build the threat research function from scratch

• Low-ego and high-trust environment