Staff Threat Intelligence Researcher
About the role
At Arctic Wolf, you will not just watch the cybersecurity industry evolve - you will help lead the change. Our global team is made up of people who thrive on solving complex problems, moving quickly, and building technology that protects organizations around the world. We are proud to be recognized by Forbes, CNBC, Fortune, CRN, Gartner Peer Insights, and International Data Corporation MarketScape. What matters most is the work behind these recognitions: delivering real outcomes for customers through award-winning innovation such as our Aurora Platform. If you are looking for meaningful work, smart teammates, and the opportunity to make a real impact in a high-growth company that is redefining security operations, Arctic Wolf is the right place for you.

Our mission is simple: End Cyber Risk. We are looking for a Staff Threat Intelligence Researcher to help achieve this mission.

The Staff Threat Intelligence Researcher will contribute to our Threat Intelligence organization by leading advanced cyber threat intelligence research and translating adversary insights into measurable defensive outcomes. This role focuses on deep technical analysis, adversary tracking, intelligence-driven detection, and operational collaboration to improve threat visibility, detection coverage, and incident response effectiveness across the organization. As a senior technical authority, this role will shape intelligence methodologies, establish analytical standards, mentor peers, and deliver actionable intelligence that directly strengthens Arctic Wolf's security operations and customer protection capabilities.
IN THIS ROLE, YOU WILL:
- Lead and contribute to threat actor, malware family, and campaign tracking by correlating malware samples, infrastructure, delivery mechanisms, and adversary tradecraft
- Conduct end-to-end cyber threat intelligence research aligned with established frameworks such as the Cyber Threat Intelligence lifecycle, MITRE ATT&CK, and the Diamond Model
- Perform static and dynamic malware analysis across malicious binaries, scripts, and document-based delivery mechanisms
- Investigate malicious network infrastructure and command-and-control activity by pivoting across domains, Internet Protocol addresses, certificates, and related artifacts
- Translate intelligence findings into actionable detection and threat hunting logic using technologies such as YARA, Sigma, and Suricata
- Analyze Windows or macOS internals including application programming interfaces, obfuscation techniques, system calls, and execution behaviors
- Apply advanced open-source intelligence techniques, pivoting methodologies, and enrichment across multiple intelligence platforms and data sources
- Research Deep Web ecosystems including crimeware-as-a-service and ransomware-as-a-service operations
- Analyze and correlate large-scale datasets using technologies such as Structured Query Language, Python, or Excel to extract actionable intelligence insights
- Develop automation and enrichment workflows using scripting languages such as Python
- Partner closely with Security Operations Center and Managed Detection and Response teams to operationalize intelligence into detection, triage, and response workflows
- Support Request for Intelligence workflows by delivering timely and actionable intelligence to operational teams
- Provide escalation support for high-confidence threat events, including enrichment, attribution context, and recommended response actions
- Contribute real-time intelligence support during active incidents and investigations
- Develop intelligence-to-detection feedback loops that improve coverage and operational visibility
- Create scalable intelligence dissemination methods including alerts, intelligence briefs, and knowledge base updates
- Standardize analytical frameworks, intelligence validation practices, and operational research methodologies
- Publish technical research, tradecraft methodologies, blogs, whitepapers, or present at industry workshops and conferences

YOU WILL BE SUCCESSFUL IN THIS ROLE IF:
- You are recognized as a technical authority within one or more adversary ecosystems such as ransomware, financially motivated crimeware, or nation-state operations
- You have strong experience in cyber threat intelligence research, adversary tracking, and intelligence analysis
- You have hands-on experience applying threat intelligence to detection engineering, threat hunting, incident response, or threat modeling
- You have experience with malware analysis tooling, host telemetry, and network telemetry analysis
- You possess strong knowledge of modern threat intelligence frameworks and methodologies
- You have experience translating intelligence into measurable operational outcomes and defensive improvements
- You are comfortable working independently within highly ambiguous and rapidly evolving threat environments
- You have strong analytical, communication, and problem-solving skills
- You have experience men