Sr. Threat Researcher

Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters.

Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.

At Illumio, we’re pioneering cybersecurity innovation with our Illumio Insights platform, which leverages a dynamic security graph built from network flows, workload inventories, identity data, threat data, and vulnerability data. This graph enables essential functions such as breach risk detection, network segmentation assessment, active breach identification, and intelligent policy recommendations. To accelerate our product evolution, we’re expanding our Threat Research Team with a dedicated expert who will serve as a long-term subject matter expert (SME) for the Illumio Insights product team.

We’re looking for a talented Senior Threat Researcher to provide ongoing guidance on threats, threat intelligence, attacker behaviors, and TTP mapping. You’ll analyze large-scale security datasets, map real-world adversary activity, identify gaps, and collaborate closely with product teams to translate insights into enhanced detection, data enrichment, and strategic direction. This role bridges threat research, detection engineering, and product innovation, offering a unique opportunity to impact how global organizations defend against advanced cyber threats.

• Analyze large-scale security datasets to identify attacker behaviors, patterns, TTPs (Tactics, Techniques, and Procedures), and emerging risks.

• Map observed behaviors to the MITRE ATT&CK framework and real-world adversary tradecraft.

• Leverage the security graph to model attack paths and uncover opportunities to reduce the risk of lateral movement.

• Identify gaps in detection coverage, data enrichment, and segmentation effectiveness.

• Develop and validate hypotheses about evolving threats using research and intelligence sources.

• Partner closely with Product and Engineering teams to translate research findings into concrete improvements:

• Enhanced detection logic and analytics

• Improved data tagging, enrichment, and graph quality

• More actionable customer-facing risk insights

• Recommend segmentation strategies and policy improvements to strengthen breach containment and limit lateral movement.

• Contribute to internal threat models and risk frameworks that directly inform product roadmap decisions.
  

• Provide expert guidance on emerging threats observable in our platform and their implications for customers.

• Support product, sales, and customer-facing teams with research-backed insights and threat context.

• Contribute to internal research, patents, and future external publications as the function matures.

• Track global adversary evolution to help shape long-term detection and risk strategies.

• 5+ years of experience in threat research, incident response, detection engineering, or adversary emulation.

• Strong understanding of attacker tradecraft across enterprise, cloud, and hybrid environments.

• Deep familiarity with the MITRE ATT&CK framework and real-world TTP mapping.

• Hands-on experience working with security telemetry sources.

• Excellent written and verbal communication skills, with the ability to translate complex findings into clear, actionable insights.

• Comfort working in ambiguous environments and helping define new functions.

• Experience writing detection rules, analytics queries, or conducting threat hunting.

• 7–10+ years in threat intelligence or security research roles.

• Experience analyzing security graphs or graph-based analytics for threat detection.

• Background in network segmentation, zero-trust architecture, or micro-segmentation.

• Proven ability to influence product development in a fast-paced environment.
  

• Previous experience at a cybersecurity product company.

• Track record of publishing threat research or speaking at industry conferences.

• Experience integrating external threat intelligence feeds.

• Relevant certifications (e.g., GCIH, GCFA, or similar).

• Curious and hypothesis-driven, with a passion for digging into raw data to uncover meaningful signals.

• Pragmatic — focused on turning research into real product impact and measurable risk reduction.

• Able to move fluidly between deep technical analysis and high-level business implications.

• Collaborative and influential, thriving in a fast-paced product development environment where your insights directly shape product direction.

• Committed to delivering practical defenses that protect customers from sophisticated attacks.

#LI-PO1 #LI-ONSITE

Illumio believes that an environment of unique backgrounds, experiences, viewpoints, and individual contributions creates a culture of belonging, drives our future, and makes us stronger together in support of our customers and their success.

All official job offers from our company are extended directly by our recruitment team and will be sent through an official E-Signature document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details or social security numbers. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a background check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience.

For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Illumio will consider for employment qualified applicants with arrest and conviction records.