# Director, Threat Research
**Company:** [Illumio](https://hotfix.jobs/companies/illumio)
**Location:** Sunnyvale, CA
**Salary:** $227K-$272K
**Experience:** 10+ years
**Skills:** MITRE ATT&CK, Threat Intelligence, Detection Engineering, Incident Response, Security Graphs, Network Segmentation, Zero Trust, TTP Analysis, IOC Analysis, Graph Analytics, Telemetry Analysis, ML Techniques
**Posted:** 2026-05-12
> Leads and builds a Threat Research team to analyze large-scale security datasets, uncover attacker TTPs using MITRE ATT&CK, and translate findings into product enhancements for breach detection and containment. Requires 10+ years in threat research or detection engineering with hands-on expertise and leadership experience.
## Job Description
## Responsibilities

- Define the team charter, research roadmap, operating model, and success metrics focused on measurable product impact and customer risk reduction.
- Design processes that transform large-scale security datasets into high-value insights, including structured feedback loops with Product, Engineering, and Security teams.
- Establish quality standards, documentation practices, and research methodologies tailored to our security graph platform.
- Build and track KPIs that demonstrate tangible improvements in detection efficacy, segmentation posture, and breach containment.

### Hands-On Threat Research and Analysis
- Personally analyze large-scale security datasets to uncover attacker behaviors, TTPs (Tactics, Techniques, and Procedures), emerging risks, and misconfigurations.
- Leverage the security graph to model attack paths, recommend segmentation strategies that reduce the risk of lateral movement, and identify opportunities for stronger breach containment.
- Map findings to **MITRE ATT&CK** and real-world adversary tradecraft; develop and validate hypotheses about evolving threats.
- Create internal threat models and risk frameworks that directly inform detection logic, data enrichment, graph quality, and policy recommendations.

### Product, Customer, and Strategic Impact
- Partner closely with Product Management and Engineering to translate research into concrete enhancements: improved detection algorithms, data tagging, analytics, and customer-facing risk insights.
- Collaborate with Customer Success, Field teams, and executives to communicate emerging threats observed in aggregate data and their implications for segmentation strategy.
- Influence product roadmap decisions and help position Illumio Insights as the industry benchmark for proactive threat-informed security.

### Scale and Lead the Team
- Hire, mentor, and grow a high-performing Threat Research team over time.
- Evolve the function from internal product-focused research into broader external thought leadership (publications, conference talks, industry reports).
- Foster a culture of curiosity, rigor, and impact-driven research.

## Requirements
- 10+ years of experience in threat research, detection engineering, incident response, or threat intelligence, with a proven track record of hands-on technical work.
- Prior experience as a manager or senior individual contributor who has successfully built or scaled a threat research capability from scratch.
- Deep expertise in attacker tradecraft, real-world TTP mapping (**MITRE ATT&CK**), IOC analysis, and incident response processes.
- Strong experience working directly with Product and Engineering teams in a security product company or vendor environment.
- Demonstrated ability to analyze security telemetry and translate complex findings into product improvements and business-relevant insights.
- Excellent written and verbal communication skills, including executive briefing experience.

## Preferred Qualifications
- Background in graph-based analytics, security graphs, or network segmentation/zero-trust environments.
- Hands-on experience with large-scale telemetry analysis and detection engineering.
- Familiarity with data science or ML techniques applied to threat detection.
- Track record of publishing threat research or speaking at industry conferences.

**Bonus Points:**
- Previous leadership role at a cybersecurity product company (endpoint, network security, or analytics-focused vendor).
- Experience integrating external threat intelligence and vulnerability data into product features.
- Public thought leadership portfolio (blogs, reports, talks, or open-source contributions).
**Apply:** https://hotfix.jobs/jobs/director-threat-research-at-illumio-594b9a33-1ae5-4e7b-b9ff-128c42de0525
**Canonical:** https://hotfix.jobs/jobs/director-threat-research-at-illumio-594b9a33-1ae5-4e7b-b9ff-128c42de0525