# Director, Threat Research

**Company:** [Illumio](https://hotfix.jobs/companies/illumio)
**Location:** Sunnyvale, CA
**Role:** Security Engineering
**Salary:** $227k – $272k/yr
**Experience:** 10+ years
**Skills:** Mitre Att&Ck, Threat Intelligence, Detection Engineering, Incident Response, Security Graphs, Network Segmentation, Zero Trust, Ttp Analysis, Ioc Analysis, Graph Analytics, Telemetry Analysis, Ml Techniques
**Posted:** 2026-05-12

> Leads and builds a Threat Research team to analyze large-scale security datasets, uncover attacker TTPs using MITRE ATT&CK, and translate findings into product enhancements for breach detection and containment. Requires 10+ years in threat research or detection engineering with hands-on expertise and leadership experience.

## Job Description

## Responsibilities

- Define the team charter, research roadmap, operating model, and success metrics focused on measurable product impact and customer risk reduction.
- Design processes that transform large-scale security datasets into high-value insights, including structured feedback loops with Product, Engineering, and Security teams.
- Establish quality standards, documentation practices, and research methodologies tailored to our security graph platform.
- Build and track KPIs that demonstrate tangible improvements in detection efficacy, segmentation posture, and breach containment.

### Hands-On Threat Research and Analysis
- Personally analyze large-scale security datasets to uncover attacker behaviors, TTPs (Tactics, Techniques, and Procedures), emerging risks, and misconfigurations.
- Leverage the security graph to model attack paths, recommend segmentation strategies that reduce the risk of lateral movement, and identify opportunities for stronger breach containment.
- Map findings to **MITRE ATT&CK** and real-world adversary tradecraft; develop and validate hypotheses about evolving threats.
- Create internal threat models and risk frameworks that directly inform detection logic, data enrichment, graph quality, and policy recommendations.

### Product, Customer, and Strategic Impact
- Partner closely with Product Management and Engineering to translate research into concrete enhancements: improved detection algorithms, data tagging, analytics, and customer-facing risk insights.
- Collaborate with Customer Success, Field teams, and executives to communicate emerging threats observed in aggregate data and their implications for segmentation strategy.
- Influence product roadmap decisions and help position Illumio Insights as the industry benchmark for proactive threat-informed security.

### Scale and Lead the Team
- Hire, mentor, and grow a high-performing Threat Research team over time.
- Evolve the function from internal product-focused research into broader external thought leadership (publications, conference talks, industry reports).
- Foster a culture of curiosity, rigor, and impact-driven research.

## Requirements
- 10+ years of experience in threat research, detection engineering, incident response, or threat intelligence, with a proven track record of hands-on technical work.
- Prior experience as a manager or senior individual contributor who has successfully built or scaled a threat research capability from scratch.
- Deep expertise in attacker tradecraft, real-world TTP mapping (**MITRE ATT&CK**), IOC analysis, and incident response processes.
- Strong experience working directly with Product and Engineering teams in a security product company or vendor environment.
- Demonstrated ability to analyze security telemetry and translate complex findings into product improvements and business-relevant insights.
- Excellent written and verbal communication skills, including executive briefing experience.

## Preferred Qualifications
- Background in graph-based analytics, security graphs, or network segmentation/zero-trust environments.
- Hands-on experience with large-scale telemetry analysis and detection engineering.
- Familiarity with data science or ML techniques applied to threat detection.
- Track record of publishing threat research or speaking at industry conferences.

**Bonus Points:**
- Previous leadership role at a cybersecurity product company (endpoint, network security, or analytics-focused vendor).
- Experience integrating external threat intelligence and vulnerability data into product features.
- Public thought leadership portfolio (blogs, reports, talks, or open-source contributions).

## Similar roles

- [Director, Ecosystem Product Security](https://hotfix.jobs/jobs/1a713979-c2ef-4231-b621-264f3d938b57) - Stellar - San Francisco, CA - $225k – $335k/yr
- [Director, Information Security & Technology](https://hotfix.jobs/jobs/206a3607-4d09-42a8-8ff7-ff8d9b3096f3) - GameChanger - Remote - $220k – $240k/yr
- [Director, Detection Engineering & Threat Hunting](https://hotfix.jobs/jobs/00931fb7-41de-4468-afde-aee4dc3654cd) - Huntress - Remote - $220k – $240k/yr
- [Privacy Engineering Director](https://hotfix.jobs/jobs/7a45a3ca-90d8-4d75-bac1-d9537bd8a64f) - DuckDuckGo - Remote - $244k – $244k/yr
- [Engineering Director, Application Security](https://hotfix.jobs/jobs/f5c7154c-b666-4c99-9aba-cb878825ba3b) - Trail of Bits - Remote - $250k – $300k/yr

**Apply:** https://hotfix.jobs/jobs/594b9a33-1ae5-4e7b-b9ff-128c42de0525
**Canonical:** https://hotfix.jobs/jobs/594b9a33-1ae5-4e7b-b9ff-128c42de0525