At Arctic Wolf, you will not just watch the cybersecurity industry evolve – you will help lead the change. Our global team is made up of people who thrive on solving complex problems, moving quickly, and building technology that protects organizations around the world. We are proud to be recognized by Forbes, CNBC, Fortune, CRN, Gartner Peer Insights, and International Data Corporation MarketScape. What matters most is the work behind these recognitions: delivering real outcomes for customers through award-winning innovation such as our Aurora Platform.
If you are looking for meaningful work, smart teammates, and the opportunity to make a real impact in a high-growth company that is redefining security operations, Arctic Wolf is the right place for you.
Our mission is simple: End Cyber Risk.
We are looking for a Senior Threat Researcher Endpoint/Cloud - Detections to help achieve this mission.
The SSenior Threat Researcher Endpoint/Cloud - Detections will contribute to our Detection Engineering organization by developing, maintaining, and enhancing advanced security detections across endpoint, cloud, and network environments. This role will focus on building high-quality detection content, improving detection efficacy, researching emerging threats, and delivering actionable intelligence that helps protect Arctic Wolf customers from evolving cyber threats.
IN THIS ROLE, YOU WILL:
Develop and maintain high-quality custom detection rules across endpoint, cloud, and network environmentsResearch emerging threats, attack techniques, and telemetry sources to improve detection coverage and effectivenessDesign, develop, and continuously improve anomaly-based and behavioral-based detectionsConduct code reviews and provide constructive feedback to ensure code quality, maintainability, and scalabilityTroubleshoot, debug, and enhance existing detection and signature codebasesParticipate in the full software development life cycle by building secure, efficient, testable, and maintainable detection contentCollaborate with team members to develop innovative detections and continuously tune existing detection capabilitiesPropose improvements to detection coverage, efficacy, and overall security visibilityBuild runbooks, reports, documentation, and supporting materials for detection surfacesDocument research findings and share knowledge across engineering, security operations, and research teamsCommunicate technical concepts and security findings effectively to both technical and non-technical audiencesContinuously learn and adopt industry best practices in software development, detection engineering, and cybersecurityParticipate in research and development demonstrations, innovation initiatives, and annual hackathon events that contribute to future product capabilitiesYOU WILL BE SUCCESSFUL IN THIS ROLE IF:
You have 6 or more years of experience authoring and maintaining security detectionsYou have strong expertise in endpoint, cloud, or network detection and signature developmentYou have experience developing anomaly-based and behavioral-based detectionsYou have extensive experience tuning and optimizing detections to improve fidelity and reduce false positivesYou possess deep knowledge of networking concepts, protocols, and authentication technologies including Transmission Control Protocol/Internet Protocol, Domain Name System, Lightweight Directory Access Protocol, and New Technology LAN ManagerYou have proven experience researching and developing detections related to network-based threat vectorsYou have experience using MITRE ATT&CK, packet capture analysis, and threat intelligence sources to drive detection developmentYou have strong knowledge of cybersecurity principles, threat detection methodologies, and adversary behaviorsYou have experience working with security monitoring and detection technologies within Managed Detection and Response environmentsYou are passionate about solving complex security challenges and continuously improving detection capabilitiesHelpful to Have:
Experience developing Security Information and Event Management detectionsExperience creating Endpoint Detection and Response detections and signaturesExperience authoring Sigma and YARA rulesExperience developing cloud security detectionsExperience with programming languages such as Python, Go, Java, or C++Experience with Test Driven Development methodologiesExperience using DevOps practices, tooling, and automation frameworksExperience applying secure software development practicesExperience building and deploying solutions in cloud environments including Amazon Web Services, Microsoft Azure, and Google Cloud PlatformExperience working with Kubernetes, containers, infrastructure-as-a-service, and platform-as-a-service technologiesExperience working within Agile software development methodologies including Scrum and KanbanExperience with Next Generation Firewall technologies from vendors such as Palo Alto Networks, Cisco, or FortinetExperience using open-source intrusion detection, intrusion prevention, and network security monitoring technologies such as Zeek or SuricataDo not meet all the requirements? That is okay. We still encourage you to apply. We have many opportunities and are always looking for strong talent.
On-Camera Policy
To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews. Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers. We understand that technical, bandwidth, or location-related challenges may occasionally prevent video use. If this applies, candidates are required to notify us in advance so we can explore appropriate accommodations.
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace United States, Best Places to Work United States, Great Place to Work Canada, Great Place to Work United Kingdom, and Kununu Top Company Germany. Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 10,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand and enhance our technology, Arctic Wolf remains a trusted name in the industry.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion and value the unique perspectives all employees bring to the organization. By protecting sensitive data and working to end cyber risk, we contribute to an industry that serves the greater good.
We celebrate diverse perspectives through our Pack Unity program and encourage employees to participate in or create new alliances.
We also believe in corporate responsibility and have joined the Pledge One Percent movement to give back to our communities.
All employees receive compelling compensation and benefits packages, including:
Equity for all employeesFlexible annual leave, paid holidays, and volunteer daysTraining and career development programsComprehensive private benefits plan including medical insurance for you and your family, life insurance equal to three times compensation, and personal accident insuranceFertility support and paid parental leaveArctic Wolf is an equal opportunity employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under applicable law. We are committed to fostering a welcoming, accessible, and inclusive environment.
Security Requirements
Conduct duties in accordance with Arctic Wolf information security policies, standards, and controlsBackground checks are required for this positionThis role may require access to information protected under United States export control laws and regulations