Principal Threat Research Lead

Microsoft

Listed 26 Jun 2026

Hyderabad | Security Research | Top pay | GCC

We are seeking a Principal Threat Research Lead with deep expertise in threat intelligence, advanced analytics, and AI-driven detection systems. The ideal candidate will demonstrate a proven ability to lead large-scale technical initiatives, influence platform direction, and deliver high-impact security innovations across complex, multi-cloud environments.

Responsibilities

- Set technical vision for advanced threat research spanning Threat Intelligence, analytics, and AI across large-scale, cross-domain telemetry platforms, and stay hands-on enough to prove it works.
- Lead deep research into emerging threats, attacker TTPs, and campaign behavior across endpoint, identity, email, cloud apps, and multi-cloud surfaces, translating insight into concrete detection and response strategy.
- Architect AI/ML-driven detection systems (behavioral analytics, anomaly detection, and agentic / LLM-powered enrichment and investigation pipelines), including the evaluation, guardrails, and abuse-resistance (e.g. prompt-injection defense, output validation) that make them production-safe.
- Operationalize intelligence-to-detection pipelines that continuously convert TI into scalable, production-grade detections, managed as detection-as-code (versioned, tested, backtested, CI-deployed).
- Establish efficacy frameworks for detection coverage, false-negative reduction, and signal-to-noise optimization at scale, with clear metrics (precision/recall, true-alert ratio, FP/FN discovery).
- Individually author and ship high-fidelity detections and hunts when it matters, triaging their false positives and measuring production performance.
- Drive cross-tenant signal correlation, multi-stage attack analysis, and graph-based campaign stitching as a core research capability.
- Collaborate cross-functionally with Product, Engineering, and Operations to productionize research into customer-facing protection.
- Mentor senior researchers and engineers, setting the bar for technical depth, innovation, and execution rigor.
- Influence internal and industry strategy through thought leadership, leadership/customer threat briefings, research publications, and contributions to the security community.

Required

- 12+ years of experience in threat research, threat intelligence, detection engineering, or security analytics within large-scale, complex environments.
- Proven ability to lead and individually execute advanced research on emerging threats across cloud, identity, endpoint, and multi-domain attack surfaces.
- Demonstrated expertise in at least one core domain (Threat Intelligence, AI/ML for Security, or Security Analytics) with strong cross-domain proficiency.
- Depth in at least one major cloud (Azure preferred) and solid working knowledge of modern multi-cloud attack vectors.
- Strong proficiency in data analysis and engineering tools (e.g., KQL, Python, ADX and notebook-driven exploration) and experience working with large-scale analytical pipelines.
- Proven ability to independently drive ambiguous, high-impact technical problems to completion.
- Ability to influence cross-functional teams and communicate complex technical concepts to diverse audiences, including leadership and customers.
- Experience with AI/agentic systems for security: RAG over intel, LLM evaluation, guardrails, and defense against model abuse.
- Cross-tenant signal correlation, multi-stage attack analysis, or graph-based campaign stitching.
- Data-science rigor: feature engineering, model evaluation, and detection drift/decay monitoring.
- Adversary emulation, malware analysis, or reverse-engineering background.
- Experience operating on customer telemetry at scale under privacy and compliance constraints.