Senior Research Engineer, Threat Intelligence
$140k - $150kZoomcar
About the Role You'll join STRIKE, SecurityScorecard's Threat Intelligence team, as the engineering counterpart to research. STRIKE runs several research motions in parallel, each on its own clock: rapid response to active events, longer product‑tied work, and standards‑anchored research on a quarterly cadence. The path from a finding to a shipped detection or feed gets reinvented every time. That’s the problem this role is here to solve. You'll work directly with the senior technical leader who owns STRIKE’s R&D direction, and report to the Head of Threat Research for people management. Technical direction comes from R&D leadership; you own delivery. You'll take a research artifact (a malware finding, an infrastructure cluster, a new indicator class, a behavioral pattern) and turn it into something the company can use without a second round of engineering: schemas, pipeline hooks, distribution feeds, detection rules, or platform APIs. This isn’t a pure research role, and it isn’t a pure platform role either. Researchers ideate, you ship. Key Responsibilities Research‑to‑Production Pipeline Own the path from research output to production‑ready artifact: a detection rule, a distributed feed, a scoring input, or a customer alert. Partner with adjacent teams to define clean handoff contracts, so new signals arrive downstream with the schema, value framing, and consumption pattern already defined. Threat Intelligence Platform Engineering Build and maintain STRIKE platform components across multiple services and runtimes, including distribution servers, sandbox orchestration, OSINT ingestion, federated sharing endpoints, agent runtimes, and rules engines that operate over standards‑anchored predicates. Extend these systems without breaking the data contracts already in production. Detection Content and Signal Production Turn research into shipped detection content: YARA, Sigma, STIX patterns, behavioral indicators, and the pipelines that distribute them. Build correlation pipelines that link scan data, attack surface signals, vulnerability data, and adversary tracking into customer‑facing intelligence. Data Model and Standards Adoption Drive STIX 2.1 adoption as a unified output schema and TAXII 2.1 as a distribution standard. Define and govern schemas that hold up once they reach downstream teams. Research Workflow Engineering Build the automation that removes commodity overhead from research work: indicator enrichment, report drafting, corpus correlation, feed normalization, and sandbox triage. Help move the team from analyst‑driven, model‑assisted workflows toward model‑driven workflows with analyst review. The work that matters most here is often the unglamorous part: retrieval grounded in the team’s own corpus so outputs cite sources rather than model priors, schema‑constrained output so a generated indicator is a valid one, and eval harnesses that catch regressions before analysts do. Cost accounting, latency budgeting, prompt versioning, and output logging round out the infrastructure that makes a workflow safe to run unattended. You should have a clear sense of when a model is the wrong tool. A regex beats a model for known patterns; a SQL query beats a model for structured data. Knowing where that line sits, and respecting it, is part of the job. Cross‑Functional Delivery Coordinate with engineering, measurement, and platform product teams so research actually lands in product. You’ll often serve as the engineering voice translating between researchers, product managers, and platform engineers, and you may occasionally explain the work to customers, journalists, or executives. Qualifications Education Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related technical field. Self‑taught practitioners with strong public work are welcome. Experience 5 to 8 years in a hands‑on engineering role with meaningful exposure to threat intelligence, security research, or detection engineering. Prior experience building production systems that consume or emit threat intel data is required. Technical Skills Python and TypeScript/Node at a production level Relational and cache data stores, plus at least one streaming or batch data platform Cloud infrastructure (AWS preferred), containers, and CI/CD pipelines Working knowledge of STIX 2.1, TAXII 2.1, MISP, and MITRE ATT\&CK, and how they work together in practice Detection and Research Tooling Hands‑on experience with YARA, Sigma, and STIX Patterning. Comfortable reading malware analysis output, parsing adversary infrastructure data, and writing detection logic that holds up under production load. Applied Language Models You’ve shipped production systems that use language models, not just demos. That includes retrieval over a real corpus, structured output with schema validation, eval harnesses that catch regressions before users do, and a solid understanding of where models fail: recency, long‑tail facts, numerical reasoning, and adversarial input or prompt injection. You can do the cost‑per‑task math for your workloads, and you can make the case when a smaller, tightly scaffolded model beats a larger one. You approach model output with healthy skepticism by default. The bar for shipping a model‑generated indicator or detection is higher than for shipping a regex, and you understand why and design accordingly. Bridge Mindset You write code that ships, and you understand why researchers think the way they do. If you’ve only ever worked from a backlog handed down by a product manager, this probably isn’t the right fit. If you’ve taken an idea sketched out in a chat message and turned it into a deployed pipeline before the next sprint began, that’s the mode we’re looking for. Bonus Experience with policy‑as‑code or expression‑language engines (CEL, OPA, or similar) Published or co‑authored security research (campaigns, vulnerabilities, adversary tracking) Large‑scale telemetry experience (Splunk, Kinesis, NetFlow, or equivalent) Contributor or maintainer on open‑source threat intel projects (MISP, OpenCTI, Sigma, STIX, ATT\&CK) Familiarity with quantitative risk frameworks such as FAIR Familiarity with Golang at a production level Benefits Specific to each country, we offer a competitive salary, stock options, health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more! The estimated total compensation range for this position is $140,000 - $150,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance‑based incentive compensation awards and equity, among other company benefits. Equal Employment Opportunity SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact View email address on click.appcast.io. Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position. #LI-DNI #J-18808-Ljbffr Zoomcar
- JPMorgan Chase is hiring for a senior technical role within CRAFT, focused on complex problem-solving in cyber threat analysis and intrusion detection. Candidates will engage in hands-on technical research and analysis to support operational response during high-priority...SeniorIntelligence
$130k - $140k
Amentum is seeking a Counter Threat Finance Analyst SME in Washington, DC, to support the Department of Defense in creating a certification program. Responsibilities include providing intelligence analysis for law enforcement, drafting reports and action plans, and collaborating...SeniorIntelligence- G-Force Solutions Inc, located in Arlington, Virginia, is seeking Intelligence and Operations Analysis Specialists. The role involves analyzing CI threats and developing comprehensive research studies. Qualified candidates will collaborate closely with stakeholders and...SeniorIntelligence
- Witt/Kieffer is seeking a Senior Cyber Threat Intelligence Analyst to analyze threats, collect intelligence, and produce reports. Candidates should have extensive experience in analyzing cyber threats and strong communication skills, with a preference for a Bachelor's...SeniorIntelligenceFull time
- DEFTEC Corporation is hiring a Senior CBRN Analyst to provide critical support to the Department of Homeland Security. Located... ...in chemical, biological, radiological, and nuclear threats to produce intelligence for senior decision-makers. The ideal candidate will have...SeniorIntelligence
- A leading cybersecurity firm is seeking a Principal Threat Intelligence Researcher to deliver critical intelligence insights for clients. This remote role requires at least 7 years in the cyber threat intelligence field, exceptional analytical and communication skills,...SeniorIntelligenceRemote work
- Peraton is seeking a Mobile Threat Analyst based in Arlington, VA. The role involves conducting forensic examinations of mobile devices, analyzing mobile applications for threats, and assessing cybersecurity environments to bolster U.S. missions globally. Candidates should...SeniorIntelligenceFull time
- CoreWeave is seeking a Senior Threat Intelligence Specialist based in Washington, D.C. to lead geopolitical risk and supply chain intelligence efforts pivotal for global operations. You'll analyze geopolitical instability and produce actionable intelligence for key business...SeniorIntelligence
$140.5k - $210.5k
...assessments. The role demands a Bachelor's degree in a related field and 6-8 years of experience in cybersecurity. Key duties include threat intelligence analysis, incident response, and leading vulnerability management projects. The position is on-site in Washington and offers...SeniorIntelligence- Palo Alto Networks is seeking a threat intelligence analyst to provide actionable intelligence and analyze global datasets to track malicious cyber actors. The ideal candidate should possess experience with data analysis platforms and malware tools, and have strong communication...SeniorIntelligenceRemote job
- A defense contractor is seeking a Senior All-Source Analyst (Production / Janus/Hard Target) to support USCYBERCOM J2 in the National Capital... ...7+ years with a bachelor's degree, alongside knowledge in cyber threat analysis and the ability to work independently. The position...SeniorIntelligenceFor contractors
$104k - $166k
Peraton in Arlington, VA is seeking a Mobile Threat Analyst to conduct forensic examinations of mobile devices and analyze mobile applications for threats. The ideal candidate will have a Bachelor’s degree and relevant experience, possess cybersecurity certifications,...SeniorIntelligence$145k - $152k
PAE Government Services Inc. is looking for a professional to support counter-threat finance operations for U.S. and allied government agencies. The role includes coordinating intelligence analysis and enhancing strategic planning efforts. The ideal candidate will have...SeniorIntelligence$139.6k - $225.78k
Palo Alto Networks, Inc. is seeking a remote role focused on providing timely intelligence to identify cyber threats. This position involves leveraging global datasets to track malicious actors and collaborating with a worldwide team of analysts to develop strategic threat...SeniorIntelligenceRemote jobWorldwide- SOS International LLC in Washington, DC, is seeking a Cyber Intelligence Analyst III to oversee cyber threat intelligence activities. The role involves analyzing threats, supporting defense operations, and producing intelligence reports. Candidates should have at least...SeniorIntelligenceFull timeCasual workRemote workWorldwide
- ...religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. Senior Cyber Threat Intelligence Analyst Qualifications 10 years' experience in conducting in-depth analysis of cyber threats, including malware,...SeniorIntelligenceFull timePart timeWork at office
$147.5k - $208.95k
The Senior Manager, Investigations & Insider Threat leads the AV Security organization’s investigative function and insider threat risk management program... ...’s degree in criminal justice, Security Studies, Intelligence, or related field (Master’s preferred). 8‑12+ years...SeniorIntelligencePermanent employmentFor contractors- Revolutional is seeking a Cyber Intelligence Analyst III in Washington, DC. This role involves managing the cyber intelligence lifecycle... ...clearance. You will work under pressure to brief findings to senior leadership, requiring deep experience in cybersecurity and intelligence...SeniorIntelligence
- TRM Labs is seeking an All-Source Intelligence Analyst to spearhead investigations against scams. This role requires 5-8+ years of all-source investigative experience, legal process expertise, and the ability to operate in dynamic environments. You will collaborate with...SeniorIntelligence
- ...in Bethesda, MD, is looking for an All-Source Analyst to support USCYBERCOM's mission. The role involves analyzing multi-source intelligence, producing reports, and collaborating with various intelligence community counterparts. The ideal candidate should have at least...SeniorIntelligence
- UltraViolet Cyber, located in McLean, Virginia, is actively seeking a Cyber Threat Researcher (Level II) for its Threat Intelligence & Detection Engineering team. This role involves engaging in threat hunts and creating effective threat detections to protect clients from...SeniorIntelligence
- ...Twenty’s offensive cyber research program—setting the... ...partner closely with engineering, product, and operations... ...executives and senior government stakeholders... ...teams, or nation-state threat research. You have... ...experience with multi-source intelligence fusion or cross-domain...IntelligenceFull timeWork at officeFlexible hours
$132k
A government contractor is seeking a mid- or senior-level All Source Analyst in Arlington, Virginia. This role supports the Army G-... ...in a relevant field, with at least 10 years of experience in intelligence analysis. The role offers a salary range of $132,000 and includes...SeniorIntelligenceFor contractors- Saic is hiring a Financial Intel Analyst in Arlington, VA. The role involves analyzing cryptocurrency and financial intelligence to support national security objectives. The successful candidate will produce actionable intelligence reports and collaborate with the intelligence...SeniorIntelligence
- ...exceptionally skilled Offensive Cyber Research Engineer for an in-office position in its... ...operations, advanced penetration testing, or threat intelligence analysis—to shape the technical... ...sophisticated offensive security assessments ~ Senior-level Threat Hunting and threat...IntelligenceFull timeWork at officeWorldwideFlexible hours
- ...seeking a CTF Planner (Expert) in Washington, DC, to support U.S. national security efforts. You will be instrumental in coordinating intelligence analysis, planning operations, and integrating best practices in support of the Department of Defense's critical missions. This...SeniorIntelligence
$143k - $210k
...CRWV) in March 2025. Learn more at What You’ll Do As a Senior Threat Intelligence Specialist, you will lead geopolitical risk and supply chain... .... This role will lead the collection, analysis, engineering, and operationalization of intelligence related to geopolitical...SeniorIntelligencePermanent employmentTemporary workWork at officeFlexible hours- ...performing processing, triage, threat analysis, and response to... ...., identifying cyber threat intelligence about suspicious processes,... ...exploit-db, etc.). Experience researching and analyzing cyber threats... ...and mission areas to inform senior leaders and drive priorities...SeniorIntelligenceCurrently hiring
$3,000 per month
...Martin, Rotary Mission Systems Cyber & Intelligence invites you to step up to one of today’s... ...cybersecurity experts on the forefront of threat protection and proactive prevention. In... ...standards, confer with users or system engineers; analyze systems flow, data usage and work...SeniorIntelligence- ...A cybersecurity and intelligence firm in Arlington, VA is seeking a Cyber Eviction Analyst with strong qualifications in incident response... .... This role involves serving as a subject matter expert in threat analysis, providing technical solutions, collaborating across...SeniorIntelligence
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior Research Engineer, Threat Intelligence. Be the first to apply!
- deep learning research engineer Washington DC
- senior research engineer Washington DC
- engineering business analyst Washington DC
- research engineer Washington DC
- engineering change analyst Washington DC
- engineering analyst Washington DC
- research programmer Washington DC
- senior game producer Washington DC
- senior electronic design engineer Washington DC
- senior robotics software engineer Washington DC


