Senior ITDR Threat Intelligence Analyst

Reports to: Director, Adversary Tactics

Location: Remote US

Compensation Range: $160,000.00 to $170,000.00 base plus bonus and equity

What We Do:

Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.

Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service.

We protect 3M+ endpoints and 1M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.

What You’ll Do: 

The Huntress ThreatOps team has the unique honor of waking up every morning knowing we will make hackers regret targeting our partners and customers. We’re looking for someone who wants to pour all of their creativity into researching, hunting, and discovering threats in our customer networks. Competitive candidates have experience leading a team composed of various researchers involved in the threat intelligence cycle. Candidates should also have experience creating Threat Intelligence reports, advocating for product enhancements, and public speaking. 

Threat Intelligence Analysts aggregate threat data from the previous month and build reports for our customers.  These reports may also be used for marketing and to illustrate the value of what Huntress provides to customers and the community. Threat Intelligence Analysts are also responsible for writing blog posts and marketing materials regarding emerging threat trends. They also work closely with Security Researchers to obtain more context about threat data.  

Familiarity with product management, scripting/development, incident response, malware analysis, configuration management, and antivirus technologies are additional ways to differentiate yourself.

As you can imagine, success doesn’t happen in a vacuum. An effective hunter fosters highly collaborative environments between the Product, Marketing and Threat Operation Center teams to accelerate our mission and secure the 99% of businesses who fall below the enterprise poverty line. This collaboration is needed to produce and prioritize a unified technical vision which ultimately delivers our most impactful features and capabilities.

We defend over 2.5M endpoints across 33,000+ mid-sized and small business customers, and that number continues to grow each month. Considering this market’s tighter budget, it’s not financially possible to dedicate human analysts to each client. The Security Operations team addresses this challenge head-on by building and scaling highly automated efficiencies—often lightly augmented by our SOC — that make intruders earn every inch of their access while maintaining affordability and healthy gross margins.

Responsibilities:  

• Conduct research on emerging adversary tradecraft to help find patterns of attacks
• Responsible for aggregating threat data to build out reports for customers to show Huntress’ value and inform them of various threats that have been seen and reported
• Responsible for creating reports for marketing to show Huntress’ value to the larger community
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Works with the Director of Adversary Tactics, the Security Operations Center, Product, and Marketing for various deliverables
• Responsible for enhancing Huntress visibility by ingesting and utilizing IOCs from external threat intel sources 
• Responsible for blog posts and other marketing materials regarding threat trends
• Investigate identity compromise, initial access + authentication logins, and subsequent access to understand, document, and combat attacker behavior
• Test exploitation of vulnerabilities, misconfigurations, and attack paths that result in developing reliable and weaponized Proof-of-Concept (PoC) exploits for identified vulnerabilities
• Stay current with emerging threats and vulnerabilities
• Document research findings through technical write-ups, advisories, internal reports, and blogs
• Partner with Detection Engineering, SOC, Hunt, Product Research & Marketing teams
• Own & nurture the cross-department relationships critical to successful product delivery & launch
• Eagerness to engage, report, and be accountable to executive stakeholders.
• Passion to translate your expertise in nontechnical ways to deliver impactful security outcomes that protect the 99%
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Educate the public on how to be security savvy in novel and fun ways

What You Bring to The Team:

• 5+ years of cyber security threat intel experience
• 2+ years of cloud security experience
• 2+ years of identity security experience
• Experience with SIEM tools for scaled log analysis
• Familiarity with detection engineering and detection logic i.e. Sigma Rules
• Experience researching and scoping threat hunt missions
• Foundational development experience across multiple platforms (e.g., SaaS, Windows, and/or macOS), C/C++, GoLang, and Python (nice to have)
• Proficient knowledge of cloud attacks (Azure and/or Google) and how to detect them

• Proof of Concept (POC) development
• Comfortable reading API documentation for SaaS applications and programming languages
• Experience with conducting searches and creating visualizations in Elastic and Kibana is a plus
• Innovator builder mindset – you are not afraid to build in the open and share the ugly early versions of your work using feedback to iterate your research & learning
• Security conference presenters and community educators preferred
• Understanding of cyber security, threat actors, and end-to-end threat life cycle, including one or more of the following: digital forensics, malware research, incident response, vulnerabilities, and exploits
• Experience with 3rd party intelligence tools, feeds, and reputation services 
• Experience conducting OSINT gathering and analysis
• Excellent written and verbal communication skills

Preferred Qualifications:

• Identity Access Management (IAM) Engineer experience
• Experience with identity and access management (IAM) concepts and tools
• Experienced Cyber Network Operator, Computer Network Operator, Cyber Technical Operator Targeter, or other similar career field experience
• Incident responder in Azure or Google environment incident experience
• Passion for MSP community
• Security conference presenter experience
• Security community educator & advocate experience

What We Offer: 

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans 
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees 
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance 
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. 

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.  

We do discriminate against hackers who try to exploit small businesses.

Accommodations: 

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to [email protected]. Please note that non-accommodation requests to this inbox will not receive a response. 

If you have questions about your personal data privacy at Huntress, please visit our privacy page.

#BI-Remote