Logo for Nebulock

Lead Threat Researcher

Role overview

Qualifications

  • 7+ years in threat intelligence or threat research with exposure across multiple industries
  • Deep expertise in mapping threat actor TTPs to observable telemetry
  • Strong understanding of adversary tradecraft across endpoint, cloud, and IAM
  • Experience and excitement about using AI-assisted development tools to build lightweight tooling, automations, and prototypes

Responsibilities

  • Design and curate a structured and contextual knowledge base (i.e. threat actor profiles, TTPs, attack patterns etc.)
  • Measure and prove that your opinionated view of the threat landscape improves outcomes for our customers
  • Conduct original research into threat actor TTPs, malware families, and emerging attack techniques across endpoint, cloud, and identity
  • Partner with threat hunters and detection engineers to inform priorities based on emerging threats relevant to customer environments

Key facts

Other skills

  • Collaboration
  • Communication
  • Problem Solving

About the company

Nebulock logo

Nebulock

Autonomous threat hunting for continuous and context-aware coverage across your security stack. We help security teams hunt threats across endpoint, identity, cloud, network, and SaaS from a single platform. By focusing on behaviors and TTPs rather than IOCs, teams can correlate weak signals into actionable hypotheses and turn discoveries into automated coverage. Our agentic approach brings expert-level threat hunting to your team without additional headcount or specialized expertise.

Company details

Company size11 - 50

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

About Us

Nebulock is an agentic threat hunting platform that autonomously surfaces behaviors, not just IOCs, from various data sources. Nebulock acts like a teammate: a 24/7 AI threat hunter that investigates hypotheses, reasons through telemetry, and learns from an environment. Today, threat hunting is broken. Security teams spend weeks chasing alerts, writing detections by hand, and manually validating findings often just to confirm what their existing tools already flagged. Meanwhile, attackers exploit credentials, move laterally, and operate in silence. Nebulock flips the model. We continuously and autonomously hunt across endpoint, identity, and cloud telemetry identifying the subtle behavioral signals that point to credential misuse, lateral movement, insider threats, and post-access activity. Then we turn those hunts into hardened, behavior-based detections automatically.

Position Overview

We're hiring a Lead Threat Researcher to build the system that determines what actually matters for each specific customer. Your research, opinions, and the tooling you build will help determine what both our threat hunting agents and our internal threat hunters and detection engineers choose to prioritize. You will be the authoritative voice on what actually deserves attention versus what is noise. This role is ideal for someone who wants to build and redesign the threat research function in the age of agentic AI. While you are not expected to ship customer-facing production quality code, you must be excited to experiment and prototype in order to unblock yourself and inform what Software Engineering should build.

Set the Standard for Threat Research in the Age of Agentic AI

  • Design and curate a structured and contextual knowledge base (i.e. threat actor profiles, TTPs, attack patterns etc.) for our agents and internal threat hunters

  • Measure and prove that your opinionated view of the threat landscape improves outcomes for our customers

  • Be the authoritative voice on prioritization (i.e. Should we hunt this technique? Does this threat actor target our customers? Is this exploitable in their environments? etc.)

  • Cut through daily feeds and the headlines to identify what demands attention

  • Leverage AI tooling to build the intelligence layer that helps customers answer: "what matters to me and why"

Conduct and Share Original Threat Research

  • Track active threat campaigns and adversary TTPs across endpoint, cloud, and IAM

  • Conduct original research into threat actor TTPs, malware families, and emerging attack techniques across endpoint, cloud, and identity

  • Analyze adversary infrastructure, tooling, and behavioral patterns to surface novel detection opportunities

  • Translate threat intelligence into actionable hunt hypotheses and detection rules by mapping adversary behaviors to normalized telemetry

  • Account for real-world telemetry constraints and visibility gaps

  • Represent Nebulock externally via blog posts, conference talks, published research etc.

Drive Strategy and Cross-Functional Impact

  • Partner with threat hunters and detection engineers to inform priorities based on emerging threats relevant to customer environments

  • Maintain a continuous feedback loop between what adversaries are doing in the wild and what we build in response

  • Collaborate with product + engineering to drive the product roadmap

  • Engage with customers to deliver threat briefings, analysis, and advisories tailored to their environments

  • Determine which threat intelligence partnerships Nebulock should invest in (commercial CTI vendors, ISACs, OSINT communities etc.)

Qualifications

  • 7+ years in threat intelligence or threat research with exposure across multiple industries

  • Deep expertise in mapping threat actor TTPs to observable telemetry

  • Strong understanding of adversary tradecraft across endpoint, cloud, and IAM

  • Experience and excitement about using AI-assisted development tools to build lightweight tooling, automations, and prototypes

  • Proven ability to prototype, iterate, and ultimately build your own tooling

  • Demonstrated ability to distill complex topics into something actionable and understandable

  • Active participation in threat intelligence sharing communities

What We Offer

  • Competitive salary + equity (early-stage startup with significant upside)

  • Flexible remote work (US-based, hybrid option for Boston area)

  • Autonomy to build the threat research function from scratch

  • Low-ego and high-trust environment

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Researcher Related jobs

Other jobs at Nebulock

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.