Director, Threat Research

Leads and builds a Threat Research team to analyze large-scale security datasets, uncover attacker TTPs using MITRE ATT&CK, and translate findings into product enhancements for breach detection and containment. Requires 10+ years in threat research or detection engineering with hands-on expertise and leadership experience.

227k – 272k | Sunnyvale, CA | Security Engineering | Onsite | 10+ YOE

About the role

Responsibilities

  • Define the team charter, research roadmap, operating model, and success metrics focused on measurable product impact and customer risk reduction.
  • Design processes that transform large-scale security datasets into high-value insights, including structured feedback loops with Product, Engineering, and Security teams.
  • Establish quality standards, documentation practices, and research methodologies tailored to our security graph platform.
  • Build and track KPIs that demonstrate tangible improvements in detection efficacy, segmentation posture, and breach containment.

Hands-On Threat Research and Analysis

  • Personally analyze large-scale security datasets to uncover attacker behaviors, TTPs (Tactics, Techniques, and Procedures), emerging risks, and misconfigurations.
  • Leverage the security graph to model attack paths, recommend segmentation strategies that reduce the risk of lateral movement, and identify opportunities for stronger breach containment.
  • Map findings to MITRE ATT&CK and real-world adversary tradecraft; develop and validate hypotheses about evolving threats.
  • Create internal threat models and risk frameworks that directly inform detection logic, data enrichment, graph quality, and policy recommendations.

Product, Customer, and Strategic Impact

  • Partner closely with Product Management and Engineering to translate research into concrete enhancements: improved detection algorithms, data tagging, analytics, and customer-facing risk insights.
  • Collaborate with Customer Success, Field teams, and executives to communicate emerging threats observed in aggregate data and their implications for segmentation strategy.
  • Influence product roadmap decisions and help position Illumio Insights as the industry benchmark for proactive threat-informed security.

Scale and Lead the Team

  • Hire, mentor, and grow a high-performing Threat Research team over time.
  • Evolve the function from internal product-focused research into broader external thought leadership (publications, conference talks, industry reports).
  • Foster a culture of curiosity, rigor, and impact-driven research.

Requirements

  • 10+ years of experience in threat research, detection engineering, incident response, or threat intelligence, with a proven track record of hands-on technical work.
  • Prior experience as a manager or senior individual contributor who has successfully built or scaled a threat research capability from scratch.
  • Deep expertise in attacker tradecraft, real-world TTP mapping (MITRE ATT&CK), IOC analysis, and incident response processes.
  • Strong experience working directly with Product and Engineering teams in a security product company or vendor environment.
  • Demonstrated ability to analyze security telemetry and translate complex findings into product improvements and business-relevant insights.
  • Excellent written and verbal communication skills, including executive briefing experience.

Preferred Qualifications

  • Background in graph-based analytics, security graphs, or network segmentation/zero-trust environments.
  • Hands-on experience with large-scale telemetry analysis and detection engineering.
  • Familiarity with data science or ML techniques applied to threat detection.
  • Track record of publishing threat research or speaking at industry conferences.

Bonus Points:

  • Previous leadership role at a cybersecurity product company (endpoint, network security, or analytics-focused vendor).
  • Experience integrating external threat intelligence and vulnerability data into product features.
  • Public thought leadership portfolio (blogs, reports, talks, or open-source contributions).

Skills

MITRE ATT&CK, Threat Intelligence, Detection Engineering, Incident Response, Security Graphs, Network Segmentation, Zero Trust, TTP Analysis, IOC Analysis, Graph Analytics, Telemetry Analysis, ML Techniques

Director, Ecosystem Product Security

Leads security strategy for Stellar blockchain ecosystem and Foundation systems, raising security baselines for wallets, validators, and infrastructure. Owns outcomes for high-stakes software/infrastructure, builds teams, and drives adoption without direct authority. Requires 10+ years security experience with blockchain expertise.

225k – 335k | New York, NY | Security Engineering | Hybrid | 10+ YOE | Seal | NIST SSDF

Director, Ecosystem Product Security

Leads security strategy for Stellar blockchain ecosystem and Foundation systems, raising security standards for wallets, validators, and infrastructure. Owns outcomes for high-stakes software/infrastructure, builds security team, and drives cross-team improvements. Requires 10+ years security experience with blockchain expertise.

225k – 335k | San Francisco, CA | Security Engineering | Hybrid | 10+ YOE | OWASP | NIST SSDF

Director, Detection Engineering & Threat Hunting

Strategic leader to own Detection Engineering & Threat Hunting function, managing managers and aligning defensive strategy with company goals. Requires 5+ years cybersecurity experience with manager-of-managers background.

220k – 240k | United States | Security Engineering | Remote | 5+ YOE | ROI Analysis | Cybersecurity

Privacy Engineering Director

Lead privacy engineering initiatives across private browsing, search, and agentic products. Own complex privacy projects from definition to delivery, evolve review processes, and grow privacy engineering talent.

244k – 244k | United States | Security Engineering | Remote | 10+ YOE | Privacy Audits | Privacy Reviews

Engineering Director, Application Security

Leads Application Security practice performing code audits, vulnerability research, and secure design reviews. Hands-on leader managing team, P&L, client relationships; requires 10+ years security experience and proficiency in multiple languages.

250k – 300k | United States | Security Engineering | Remote | 10+ YOE | Go | Rust