Blackpoint Cyber

• The Director of Technical Support is a leadership role responsible for the execution and continuous improvement of Blackpoint Cyber’s technical support function. • This individual will lead a team of technical support professionals, as a player-coach, dedicated to delivering timely, high-quality resolution experiences for Managed Service Provider (MSP) partners. • Define and drive the multi-year vision and roadmap for the Technical Support function. • Own all support KPIs end-to-end, including NPS, MTTR, first contact resolution, escalation rate, and SLA adherence, alongside the development of new AI-era metrics. • Recruit, develop, and retain a high-performing team of technical support engineers and team leads. • Serve as a voice of the customer internally, converting support patterns and field intelligence into actionable feedback loops. • Oversee the support team’s role during critical security incidents affecting MSP partners. • Continuously evaluate and improve support workflows, escalation paths, and tooling to increase resolution velocity. • Build and maintain a continuously improving knowledge base.

• Lead and scale the Client Success team • Own the partner journey from onboarding through renewal • Partner with Sales and Product on partner needs and feedback • Develop and maintain CS playbooks and AI tooling standards • Use platform telemetry to surface adoption gaps and at-risk accounts • Define and track a comprehensive metrics framework • Deploy AI-powered dashboards and churn prediction models • Build AI-assisted onboarding sequences and digital engagement programs

• Learn and apply core concepts of cyber threat intelligence, including the intelligence lifecycle, threat actor TTPs, and MITRE ATT&CK • Assist in identifying, enriching, and contextualizing indicators of compromise (IOCs) using open-source tools and commercial platforms • Shadow SOC analysts to understand alert triage workflows and how CTI can support SOC needs • Support the creation of threat actor profiles, threat notices, and campaign briefs under guidance • Facilitate information sharing and feedback between CTI and SOC teams to align intelligence outputs with operational requirements • Participate in the development of actionable intelligence products for technical and non-technical stakeholders • Contribute to CTI team processes and help identify opportunities for integration and operational improvement

• Analyze and evaluate anomalous network and system events in a 24x7x365 Security Operation Center (SOC) environment. • Collaborate with MDR Analysts to research and investigate emerging cyber security threats. • Develop Incident analysis reports and work across business units and customers to bring issues to a close. • Help design and build operational processes and procedures to improve overall SOC efficiency. • Provide actionable threat and vulnerability analysis based on security events for many independent customer environments. • Build test lab environments to research emerging techniques.

• Monitor and analyze anomalous behavior across Microsoft 365, Google Workspace and Cisco Duo environments, including suspicious sign-ins, OAuth application abuse, mailbox rule manipulation, data exfiltration indicators, and identity-based attacks • Follow standardized Cloud Response playbooks to triage, escalate, and respond to security events across SaaS platforms, including account containment, session revocation, and admin remediation actions • Investigate cloud-specific attack techniques such as Business Email Compromise (BEC), adversary-in-the-middle (AiTM) phishing, OAuth consent grant abuse, and privilege escalation via misconfigured cloud permissions • Collaborate with Senior Analysts to research and investigate emerging cloud threat tradecraft and contribute recommendations for new detection logic targeting M365 and Google Workspace telemetry • Proactively identify and mitigate false positives across cloud alert pipelines by working with senior analysts to suppress noisy or low-fidelity detections • Collaborate with customers to review cloud security incidents and assist with detection, prevention, and mitigation strategies — including guiding clients through Microsoft Secure Score improvements and Google Workspace security posture reviews • Leverage cloud-native audit logs — including Microsoft Unified Audit Log, Azure AD Sign-in Logs, and Google Workspace Admin Reports — to reconstruct attacker timelines and scope incidents • Bring your observant and curious mindset to cloud investigations and security events!

• Support the maintenance of a comprehensive security compliance program aligned with laws, regulations, and industry best practices. • Maintain and optimize key programs like Third Party Risk Management and Security Awareness Training. • Apply expertise in GDPR, HIPAA, PCI DSS, NIST 800-171/CMMC, ISO 27001, SOC2, and FedRAMP controls as well as U.S. state privacy regulations to ensure practices remain compliant and up to date. • Support internal audits, partnering with stakeholders to remediate findings. • Support external audits (e.g., SOC 2) through preparation and planning, monitoring and remediation coordination, documentation and follow-up tracking. • Bring a structured, methodical approach to assisting with cross-functional project implementation. • Stay current on emerging threats, regulations, and security best practices to strengthen compliance posture.

• Delivering business-critical outcomes through product contributions to the cybersecurity platform • Lead and drive projects across the stack, Typescript, React, Node.js services on Kubernetes • Optimize for performance, scale, and resiliency • Mentor other engineers in complex projects • Communicate effectively with leadership about technical solutions • Identify and implement AI-powered tools and practices for integration development

• Build, ship, and maintain integrations with third-party platforms using TypeScript, React, Node.js, Kubernetes, and Kafka • Take end-to-end ownership of features from design through production deployment, ensuring high quality in a fast-release environment • Contribute to system and integration architecture, including designing tooling and connectivity patterns that scale across the ecosystem. • Use AI coding platforms (Cursor, Claude Code/Chat/Cowork) as core daily tools to accelerate every phase of your workflow. • Build and help maintain context documentation, skills, commands, sub-agent configurations, and MCP integrations that make AI tools more effective for the entire team. • Innovate continuously on how to leverage emerging AI capabilities to improve development speed, code quality, and integration reliability. • Proactively detect and resolve issues before they impact customers. • Collaboratively, learn from teammates while also mentoring others through code reviews and design discussions. • Ensure the code works through testing, automation, and good documentation.

Blackpoint Cyber is the leading provider of world-class cybersecurity threat hunting, detection and remediation technology. Founded by former National Security Agency (NSA) cyber operations experts who applied their learnings to bring national security-grade technology solutions to commercial customers around the world, Blackpoint Cyber is in hyper-growth mode, fueled by a recent $190m series C round. What if you could help stop the next ransomware attack before it cripples a hospital, a small business, or a city? What if you could protect your family's business, your doctor down the street, or the government services you rely on every day? As a Staff Fullstack Engineer on Blackpoint's Integrations Team, you won’t just write code — you’ll define the technical direction that enables Blackpoint to protect thousands of hospitals, cities, and businesses 24/7 against modern threats. You'll lead with AI, mentor engineers, and set the standard for what a modern, AI-first integration team looks like. You'll work alongside other Staff engineers and engineering leadership to help shape modern software development at Blackpoint. You'll lead high-value initiatives, directly contribute to new security capabilities and threat responses, and deliver real, weekly value to our customers. You'll also encourage and train others, raising the bar for the entire organization. Why This Work Matters Every integration you help architect directly strengthens Blackpoint’s ability to detect and stop cyberattacks in real time. The systems you design and the engineers you mentor will have a direct impact on the security posture of thousands of businesses worldwide. This isn’t abstract; your work defends real people and real communities. What You’ll Own Technical Leadership & Architecture - Lead the design, development, and delivery of third-party integrations that realize Blackpoint’s product roadmap. Integrations will leverage RESTful APIs, webhooks, event-driven pipelines, and MCP (Model Context Protocol) servers. - Drive architectural decisions across the integrations portfolio. Ensure solutions are robust, secure, and scalable enough to handle data volumes for the millions of endpoints and users we protect 24/7. - Set the standard for code quality, testing strategy, and engineering excellence through hands-on leadership. AI-First Engineering & Transformation - Leverage extensive experience with AI platforms (Cursor, Claude, Codex, Antigravity) to fundamentally accelerate how the team designs, builds, tests, and ships. - Help build and maintain agentic AI ecosystems with skills, commands, sub-agents, context files, and MCP integrations. - Architect context documentation and MCP-based tooling systems that make AI dramatically more effective across the team, not just for yourself. - Pioneer new AI capabilities and develop novel approaches to applying AI across integration development, testing, and observability. How We Work - You’ll work alongside both human colleagues and agentic AI collaborators, delivering meaningful outcomes weekly, not in monolithic monthly releases. As a technical lead, you’ll help shape this cadence and hold the bar for what “done” and “good” looks like. - Establish best practices for integration observability (Grafana, Datadog, CloudWatch) and incident response. Help build the monitoring culture, not just the dashboards. - Partner with Product, Architecture, Platform, UX, and alliance teams to scope and design work, ensuring alignment with roadmap and strategy goals. - Coach and mentor engineers on integration patterns, AI-first practices, and scalable architecture — while learning from teammates along the way. - Dedicated to quality. You take pride in what you deliver and how it impacts our systems, teammates, and customers. Ensuring your code works through testing, automation, and good documentation is a guiding principle, not an afterthought. What You Bring - 10+ years of fullstack development experience with demonstrated technical leadership in fast-paced, enterprise-level environments (TypeScript, React, Node.js, Kubernetes, SQL databases, No-SQL datastores). - Extensive experience using AI coding platforms (Cursor, Claude, Google Antigravity, Codex) as core development tools. You’ve already transformed your own workflow and can show others how. - You’ve built or extensively experimented with fully agentic AI development pipelines. Building and maintaining skills, commands, sub-agents, context files, and MCP integrations is second nature. - Experience architecting context documentation and MCP-based systems that make AI effective at the team level, not just the individual level. - Deep API and MCP design expertise (REST, GraphQL, webhooks, Model Context Protocol) with security-first mindset. - Hands-on experience with observability platforms (Grafana, Datadog) and incident management workflows. - A track record of driving architectural decisions, mentoring engineers, and delivering high-impact work in startup-speed environments. Even Better If You Have - Experience leading AI transformation initiatives: documentation centralization, AI training and advocacy programs, SDLC modernization, automated QA pipelines, or building AI-first team cultures. - Background in cybersecurity, MDR, or security operations environments. - Experience building integration frameworks and connecting to external vendors and systems. - Experience with event-driven architectures, message queues, or data pipeline design at scale. Familiarity with ETL workflows, n8n, or data delivery platforms is a bonus. - The curiosity to find a new AI tool on Monday, have it helping the team by Friday, and teach others about it the following week. Our Engineering Philosophy At Blackpoint, we believe the best Staff engineers don’t just adopt AI; they fundamentally reshape how their teams build software with it. We’re building a culture where AI is the foundation of how we design, build, test, and ship. Where integration engineers don’t just connect APIs; they build the strategic platform that makes our entire ecosystem more powerful and constantly ahead of threat actors. If building systems that protect people around the world — and helping your team work faster through AI transformation — excites you, we want to talk. Blackpoint Cyber welcomes and encourages applications from qualified individuals of all races, colors, religions, sex, sexual orientation, gender identity or expression, national origin, age, marital status, or any other legally protected status. We are committed to equality of opportunity in all aspects of employment. For eligible employees in the US, Blackpoint offers competitive Health, Vision, Dental, and Life Insurance plans, a robust 401k plan, Discretionary Time Off, and other minor perks.

• Analyze and evaluate anomalous network and system events in a 24×7 Security Operation Center (SOC) environment via conducting lead-less threat hunting • Collaborate with MDR Analysts to research and investigate emerging cyber security threats; become an escalation point of contact for advanced intrusion analysis. • Develop Incident analysis reports and work across business units and customers to bring issues to a close • Help design and build automation to reduce operational tasks of SOC processes • Provide actionable threat and vulnerability analysis based on security events for many independent customer environments • Build test lab environments to research emerging techniques and make contributions to the internal and external knowledge development of threat operations. • Review sandbox technologies for additional IOCs uncovered from artifacts uncovered during analysis.