Note: The job is a remote job and is open to candidates in USA. DNSFilter is a rapidly growing company dedicated to creating a safer internet for businesses and organizations worldwide. They are seeking a Principal Threat Researcher to create, derive, and refine scalable threat actor and campaign fingerprints using DNS and other data sources, emphasizing high-impact research and strong OSINT/threat hunting tradecraft.
Responsibilities
• Identify, categorize, and track malicious campaigns
• Own cluster-related infrastructure, building novel, high-fidelity clustering methods
• Continuously refine fingerprints and tradecraft as adversaries shift TTPs
• Develop and validate logical assumptions about operator behavior using your expertise and large data sets, converting them into actionable intelligence
• Maintain consistent, reproducible documentation
• Translate research findings into durable detection rules (logic, tags, scores), predictive real-time intelligence feeds, and impactful intelligence outcomes
• Produce high-confidence reports for internal and external consumers
• Contribute to public security community narratives (talks, webinars)
• Present at tradeshows and industry events 2-5 times a year
Skills
• 10+ years across the fields of cybersecurity, threat research, intelligence analysis, or advanced threat detection roles
• Significant experience tracking nation-state APTs, major cybercrime organizations, and/or malware campaigns
• Demonstrated DNS-based investigation experience, to include botnets
• Proficiency with professional threat hunting tools and OSINT tradecraft
• Strong scripting ability (Python preferred) to automate research workflows
• Experience documenting analytical reasoning and confidence levels with technical data and outcomes
• Ability to work hours overlapping with ET hours
• Must be eligible to work in the region of hire without sponsorship from an employer now and/or in the future
• Malware analysis experience (static or dynamic), AWS or other major cloud provider experience, and/or niche threat hunting experience
• Examples of completed, hands-on investigations that have led to materially relevant security outcomes
• Statistical analysis or data science experience (academic or otherwise)
• Experience producing public threat reports and/or speaking at security conferences
• Familiarity with the entire threat intelligence lifecycle and utilizing structured, rigorous analytic techniques to follow it end-to-end
Benefits
• Pathway to promotion to additional organizational positions and responsibilities based upon results and performance, not just time in the chair.
• Paid company-wide week off at the end of each year
• Flexible Vacation Policy
• Awesome company swag
• Full medical, dental, and vision benefits for US, UK, and Canada-based employees
• Full short-term disability and life benefits; available long-term disability
• Retirement savings account options with vested company matching for qualifying employees
• In-person annual gatherings. Last time we all spent a week on a beach in the Dominican Republic!
Company Overview
• DNSFilter provides security via DNS that protects over 4M end users from online security threats using artificial intelligence. It was founded in 2015, and is headquartered in Washington, District of Columbia, USA, with a workforce of 51-200 employees. Its website is https://dnsfilter.com.