Threat Researcher

SecurityScorecard

Operations

United States · Remote

USD 80k-120k / year + Equity

Posted on Apr 22, 2026

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting, making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace," by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing "forward-thinking employers for their unwavering commitment to employee engagement." SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role:

You have spent years in the middle of it: tracking adversaries, monitoring underground forums, mapping infrastructure, and producing intelligence that actually got used. You know what a threat looks like before it becomes a headline. And you can explain what you found to someone who has never heard of a C2 server.

As a Threat Researcher at SecurityScorecard, you will produce original intelligence that feeds our platform, drives our demand generation engine, and positions SSC as the most credible voice in cybersecurity research. Your work will appear in the reports that make BDRs get responses, the briefings that pull enterprise buyers to our events, and the data that underpins DriftNet's commercial expansion. This is not a back-office research role. Your output reaches customers, media, and the security community.

What You Will Do:

  • Produce finished threat intelligence: monthly and quarterly research reports, blog posts, and executive briefings that translate complex technical findings into content that non-technical buyers can act on.
  • Hunt threats proactively: track adversary TTPs, monitor dark web and underground forums, map infrastructure, and identify signals before they become public. Gilad's team produces the major quarterly deep reports; you support the higher-cadence monthly output.
  • Deploy AI-assisted workflows: use LLMs and automation tooling to accelerate your research pipeline, improve synthesis quality, and increase output velocity. This is a core expectation, not a bonus.
  • Write automation code: build Python scripts and pipelines for data collection, API querying, signal extraction, and detection logic. Your code is part of what you ship, not a side task.
  • Leverage data extraction tools to pull intelligence from SSC's proprietary data platform, producing insights that marketing can self-serve on and that inform customer-facing content.
  • Present and evangelize: get on webinars, show up at customer events, and explain what the data means to a CISO, an insurance buyer, or a CFO. Your credibility as a practitioner is the draw.
  • Collaborate with the marketing team to align research output with the content calendar, customer event needs, and demand generation goals.
  • Contribute to SSC's published research presence: blog posts, reports, and media briefings that build brand and drive inbound pipeline.

Required Qualifications:

  • 3-6 years of hands-on threat intelligence experience at a commercial vendor, financial institution, or intelligence-community organization with commercial output requirements. You have produced finished intelligence that went to paying customers or external audiences.
  • Proven written output: you have published research, written reports, or produced briefings that non-technical readers could act on. Work samples are required.
  • Software engineering baseline: you write Python as a standard part of your research workflow for automation, data collection, API querying, and pipeline building. You also deploy AI and LLM tooling as a daily force multiplier, not a novelty.
  • Proactive hunter mentality: you identify signals before they surface publicly. You have a process, not just a reactive monitoring habit.
  • Clear communication and synthesis: you write with precision and brevity. A 300-word brief for a CMO is as important as a 10-page whitepaper for a CISO.
  • Customer-facing capability: you can present research at an event, get on a webinar, and hold a room. Practitioner credibility is your advantage.
  • Bachelor's degree in Cybersecurity, Computer Science, Journalism, Political Science, or equivalent. Demonstrated output accepted in lieu of formal degree.

Preferred Qualifications:

  • Background from a pure-play commercial TI vendor: Flashpoint, Recorded Future, Mandiant, CrowdStrike, Palo Alto Unit 42, Proofpoint, ZeroFox, Intel 471, Cybersixgill.
  • Financial services threat intelligence background: JPMorgan, Citigroup, Goldman Sachs, or equivalent TI teams where output is commercially oriented.
  • Published research, CVEs, conference presentations (Black Hat, DEF CON, RSA), or a recognized GitHub or blog presence.
  • Experience with DriftNet, Shodan, VirusTotal Intelligence, MISP, or comparable data platforms.
  • Detection engineering: YARA, Sigma, or Snort signature development. The ability to operationalize a research finding into a detection is a meaningful differentiator.
  • Familiarity with large-scale data pipelines or streaming platforms (Kafka, Splunk, or equivalent). SSC runs significant data infrastructure and understanding how signals flow through it matters.
  • Prior experience producing content that supported marketing, demand generation, or customer-facing commercial goals.

Benefits:

Specific to each country, we offer a competitive salary, stock options, health benefits, unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $80,000 - 120,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to, affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits.

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy), gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law.

SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position.