Director, Threat Research
Job Summary
The Head of Threat Research will build and lead a new Threat Research team at Illumio, leveraging large-scale security datasets to drive product enhancements, detection logic, data enrichment, and customer risk reduction. The role requires a strong background in threat research, detection engineering, and incident response, with experience in graph-based analytics and security graphs.
About the Role
This role starts with deep individual-contributor work and quickly expands into team-building, thought leadership, and external publishing. It involves defining the team charter, research roadmap, operating model, and success metrics, as well as establishing quality standards, documentation practices, and research methodologies tailored to the security graph platform.
Responsibilities
- Define the team charter, research roadmap, operating model, and success metrics focused on measurable product impact and customer risk reduction.
- Design processes that transform large-scale security datasets into high-value insights, including structured feedback loops with Product, Engineering, and Security teams.
- Establish quality standards, documentation practices, and research methodologies tailored to our security graph platform.
- Build and track KPIs that demonstrate tangible improvements in detection efficacy, segmentation posture, and breach containment.
- Personally analyze large-scale security datasets to uncover attacker behaviors, TTPs, emerging risks, and misconfigurations.
- Leverage the security graph to model attack paths, recommend segmentation strategies that reduce the risk of lateral movement, and identify opportunities for stronger breach containment.
- Map findings to MITRE ATT&CK and real-world adversary tradecraft; develop and validate hypotheses about evolving threats.
- Create internal threat models and risk frameworks that directly inform detection logic, data enrichment, graph quality, and policy recommendations.
- Partner closely with Product Management and Engineering to translate research into concrete enhancements: improved detection algorithms, data tagging, analytics, and customer-facing risk insights.
- Collaborate with Customer Success, Field teams, and executives to communicate emerging threats observed in aggregate data and their implications for segmentation strategy.
- Influence product roadmap decisions and help position Illumio Insights as the industry benchmark for proactive threat-informed security.
- Hire, mentor, and grow a high-performing Threat Research team over time.
- Evolve the function from internal product-focused research into broader external thought leadership (publications, conference talks, industry reports).
- Foster a culture of curiosity, rigor, and impact-driven research.
Requirements
- 10+ years of experience in threat research, detection engineering, incident response, or threat intelligence, with a proven track record of hands-on technical work.
- Prior experience as a manager or senior individual contributor who has successfully built or scaled a threat research capability from scratch.
- Deep expertise in attacker tradecraft, real-world TTP mapping (MITRE ATT&CK), IOC analysis, and incident response processes.
- Strong experience working directly with Product and Engineering teams in a security product company or vendor environment.
- Demonstrated ability to analyze security telemetry and translate complex findings into product improvements and business-relevant insights.
- Excellent written and verbal communication skills, including executive briefing experience.
Preferred Qualifications
- Background in graph-based analytics, security graphs, or network segmentation/zero-trust environments.
- Hands-on experience with large-scale telemetry analysis and detection engineering.
- Familiarity with data science or ML techniques applied to threat detection.
- Track record of publishing threat research or speaking at industry conferences.
- Previous leadership role at a cybersecurity product company (endpoint, network security, or analytics-focused vendor).
- Experience integrating external threat intelligence and vulnerability data into product features.
- Public thought leadership portfolio (blogs, reports, talks, or open-source contributions).