Staff Threat Research Engineer

🕒 March 26

🇺🇸 United States – Remote

💵 $162k - $190k / year

⏰ Full Time

🔴 Lead

📚 Research Engineer

🦅 H1B Visa Sponsor

info
Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Sumo Logic

Sumo Logic

501 - 1000 employees

Founded 2010

☁️ SaaS

🔒 Cybersecurity

💰 $110M Series G on 2019-05

SaaS • Cybersecurity • Cloud Computing

Sumo Logic is a cloud-based machine data analytics company that offers a comprehensive platform for monitoring, troubleshooting, automating, and defending IT infrastructures. The company specializes in cloud security intelligence, leveraging AI and machine learning to provide enhanced observability and security threat detection. It is known for its powerful log management capabilities, which help organizations unlock cloud security and efficiently troubleshoot system issues. Sumo Logic's platform integrates seamlessly with cloud services, providing infrastructure monitoring and application observability to modernize IT operations. Their solutions are tailored to various use cases, including DevSecOps, cloud migration, and digital customer experience enhancement.

📋 Description

• Conduct and lead both applied and original threat research, transforming intelligence, telemetry, and investigation into actionable detection logic for the Sumo Logic SIEM. • Collaborate closely within Threat Labs to design, build, and refine detection content and validation pipelines that raise the bar for product and customer detection quality. • Drive innovation in detection methodologies, including research activities such as malware analysis, infrastructure tracking, or honeypot operations, to discover new attacker behaviors. • Publish and share findings — from detection logic to behavioral analysis and practical hunting guidance — that help customers maximize SIEM outcomes. • Contribute to Threat Labs’ long‑term vision of a research‑driven, continuously evolving detection ecosystem built on practitioner insight and technical depth. • Research, develop, and test threat detection logic in a lab environment, validating against real‑world attacker behaviors and ensuring technical alignment with Sumo Logic SIEM capabilities. • Conduct original threat research, such as analyzing malware, tracking infrastructure, or experimenting with honeypots, and translate findings into detection opportunities. • Investigate industry and adversary trends to identify emerging detection opportunities. • Collaborate with product management and fellow Threat Labs engineers to scope and prioritize detection campaigns. • Maintain and expand Threat Labs’ research lab infrastructure. • Provide practitioner feedback to engineering and product management to inform feature design and roadmap decisions. • Contribute to the security community through blogs, conference talks, open source projects, and public research contributions.

🎯 Requirements

• 12+ years of cybersecurity experience that includes a mix of: • Senior/Principal SOC analyst, threat hunter, or purple team practitioner • Incident responder or detection engineer roles • Demonstrated ability to progress threat research into actionable detections and incident response outcomes. • Experience conducting original or self‑directed threat research that resulted in novel findings — for example, malware or infrastructure analysis, honeypot operations, or similar investigative work leading to actionable insights. • Broad knowledge of multiple technology stacks and a strong curiosity to learn new platforms. • Deep experience with multiple major public clouds (AWS, Azure, or GCP), and familiarity with analyzing cloud‑native logs and telemetry. • Understanding of emerging attack techniques targeting AI infrastructure and machine learning pipelines (e.g., data poisoning, model theft, or prompt injection), and familiarity with frameworks such as MITRE ATLAS. • Proven history of thought leadership through blogs, LinkedIn articles, or conference presentations. • Background in the cybersecurity vendor space, with experience providing expert feedback to product and engineering teams. • Prior experience in customer-facing technical roles (consulting, remote support, or advisory). • Hands‑on familiarity with offensive security tools (Atomic Red Team, Sliver, Cobalt Strike, etc.). • Scripting or automation capability (Python, PowerShell, etc.). • Experience with Security Orchestration, Automation, and Response (SOAR) technology. • Recognized presence or active participation in the security community (e.g., X/Twitter, conferences, open source). • Experience applying AI or machine learning techniques to improve operational efficiency and automation across the detection rule development lifecycle — from research and validation to deployment and tuning.

🏖️ Benefits

• health insurance • retirement plans • flexible work arrangements • professional development • bonuses

Apply Now

Similar Jobs

🕒 November 8, 2025

Cohere

11 - 50

🤖 Artificial Intelligence

🏢 Enterprise

☁️ SaaS

Staff Research Engineer developing techniques for improving speed and efficiency of AI models at Cohere. Join a diverse team focused on advanced AI research and model optimization.

🕒 August 9, 2025

Liquid AI

51 - 200

🤖 Artificial Intelligence

🤝 B2B

🏢 Enterprise

Join Liquid's team to optimize GPU kernels for AI while shaping future technology.

🕒 August 9, 2025

Liquid AI

51 - 200

🤖 Artificial Intelligence

🤝 B2B

🏢 Enterprise

Join Liquid AI to lead data efforts in training foundation models through robust datasets.