Manager Threat Research (Adversary Emulation)
About the role
At Arctic Wolf, you will not just watch the cybersecurity industry evolve - you will help lead the change. Our global team is made up of people who thrive on solving complex problems, moving quickly, and building technology that protects organizations around the world. We are proud to be recognized by Forbes, CNBC, Fortune, CRN, Gartner Peer Insights, and International Data Corporation MarketScape. What matters most is the work behind these recognitions: delivering real outcomes for customers through award-winning innovation such as our Aurora Platform. If you are looking for meaningful work, smart teammates, and the opportunity to make a real impact in a high-growth company that is redefining security operations, Arctic Wolf is the right place for you.

Our mission is simple: End Cyber Risk. We are looking for a Manager, Threat Research (Adversary Emulation) to help achieve this mission. The Manager, Threat Research will contribute to our Arctic Wolf Labs organization by leading a team focused on adversary emulation, threat research, and detection development. This team is responsible for simulating real-world adversary techniques in controlled environments and developing high-quality detection content based on host, network, cloud, and identity telemetry. This role combines technical leadership, people management, and strategic planning to ensure the successful delivery of innovative detection capabilities that strengthen Arctic Wolf's ability to identify and respond to emerging threats.
IN THIS ROLE, YOU WILL:
- Lead and manage a team of threat researchers and detection developers responsible for adversary emulation and detection content development
- Partner with Product Management, Security Services, Engineering, and Arctic Wolf Labs leadership to define priorities and execute against strategic roadmaps
- Develop and deliver high-quality detection content across endpoint, network, cloud, and identity attack surfaces
- Guide the team in conducting adversary emulation activities to identify detection gaps and improve security coverage
- Support the team by providing technical direction, removing obstacles, and ensuring alignment with organizational objectives
- Execute and deliver against product and research roadmaps while contributing to longer-term strategy and planning
- Collaborate with architects and engineering leaders to define and execute technical initiatives and platform improvements
- Oversee the full software development lifecycle, ensuring quality, scalability, and operational excellence
- Drive development of anomaly-based and behavior-based detections with a focus on efficacy, performance, and customer value
- Ensure compliance with information security management system requirements, secure coding standards, and acceptable use policies
- Establish and maintain strong relationships with stakeholders across product management, security operations, engineering, and customer-facing teams
- Drive continuous improvements in development processes, detection quality, automation, and team effectiveness
- Monitor team performance, delivery metrics, and project execution to ensure successful outcomes
- Lead recruitment efforts and workforce planning activities to support team growth
- Manage team budgets, training investments, conference participation, and other administrative responsibilities
- Represent Arctic Wolf through technical leadership, industry engagement, and knowledge-sharing initiatives where appropriate

YOU WILL BE SUCCESSFUL IN THIS ROLE IF:
- You have 6 or more years of experience in cybersecurity with a focus on threat research, threat detection, detection engineering, or signature development
- You have at least 3 years of experience leading technical teams within cybersecurity, threat research, penetration testing, or related disciplines
- You have experience developing detection content using host, network, cloud, and identity telemetry
- You possess strong knowledge of Windows internals, Windows event logging, and Sigma rule development
- You have experience working with cloud and identity telemetry, including Amazon Web Services CloudTrail, Microsoft Azure Activity Logs, identity providers, application programming interface activity logs, and email security telemetry
- You have a strong understanding of network protocols, network security architecture, and network monitoring technologies
- You have experience with intrusion detection and prevention systems, threat intelligence platforms, and Suricata rule development
- You are proficient in scripting languages such as Python, Bash, or PowerShell
- You have experience working with Security Information and Event Management platforms such as Splunk, Elasticsearch, or similar technologies
- You have demonstrated success developing, tuning, and optimizing anomaly-based and behavior-based detections
- You have experience leading agile software development teams and delivering complex technical projects
- You have a proven histor