Reports to: Senior Director, Adversary Tactics Location: Remote US Compensation Range: $200,000.00 to $225,000.00 base plus bonus and equity What We Do: Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact. Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24/7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers' protection. Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other. About the Role: The Huntress Adversary Tactics team has the unique honor to wake up every morning knowing we’re going to make hackers regret targeting our partners and customers. We’re looking for someone who wants to pour their creativity into researching, hunting, and uncovering threats in our customer networks. Competitive candidates have experience building a threat intelligence program utilizing internal and external threat data. Candidates should also have experience creating Threat Intelligence reports, advocating for product enhancements, and public speaking. Threat Intelligence Analysts aggregate threat data from the previous month and build out reports for our customers. These reports may also be used for marketing and help show the value of what Huntress provides to customers and the community. Threat Intelligence Analysts are also responsible for writing blog posts and marketing materials regarding emerging threat trends. They also work closely with Security and Product Researchers to obtain more context on threat data. Familiarity with product management, scripting/development, incident response, malware analysis, configuration management, and antivirus technologies is an additional way to differentiate yourself. As you can imagine, success doesn’t happen in a vacuum. An effective analyst fosters highly collaborative environments between the Product, Marketing, and Security teams to accelerate our mission and secure the 99% of businesses that fall below the enterprise poverty line. This collaboration is needed to produce and prioritize a unified technical vision that ultimately delivers our most impactful features and capabilities. Are you ready for the challenge? Responsibilities: - Conducts research on emerging adversary tradecraft to help make decisions on operationalizing our data - Responsible for aggregating threat data to build out reports for customers to show Huntress’ value, and inform them of various threats that have been seen and reported - Responsible for creating reports for marketing to show Huntress’ value to the larger community - Promote Huntress’ reputation through media interaction, public speaking, and blogs - Works with the Sr. Director of Adversary Tactics, the Security Operations Center, Product, and others to develop the Product and threat operations roadmap - Provides technical leadership for some members of the Security team - Supports the professional development of researchers in the organization through coaching and mentorship - Responsible for enhancing Huntress visibility by ingesting and utilizing IOCs from external threat intel sources - Responsible for blog posts and other marketing materials regarding threat trends - Responsible for building a threat intelligence program that makes use of our internal threat data Qualifications: - Experience with SIEM tools for scaled log analysis - Familiarity with detection engineering, detection logic, i.e., Sigma Rules - Experience researching and scoping threat hunt missions - Foundational development experience across multiple platforms (e.g., Windows and/or macOS), C/C++, GoLang, and Python (nice to have) - Proficient knowledge of Windows and/or macOS subsystems and how they interact both at the user and kernel level (nice to have) - Understanding of cybersecurity, threat actors, and end-to-end threat life cycle, including one or more of the following: digital forensics, malware research, incident response, vulnerabilities, and exploits - Experience with 3rd-party intelligence tools, feeds, and reputation services - Experience conducting OSINT gathering and analysis - Excellent written and verbal communication skills - Familiarity with utilizing AI in workflows What We Offer: - 100% remote work environment - since our founding in 2015 - Generous paid time off policy, including vacation, sick time, and paid holidays - 12 weeks of paid parental leave - Highly competitive and comprehensive medical, dental, and vision benefits plans - 401(k) with a 5% contribution regardless of employee contribution - Life and Disability insurance plans - Stock options for all full-time employees - One-time $500 reimbursement for building/upgrading home office - Annual allowance for education and professional development assistance - $75 USD/month digital reimbursement - Access to the BetterUp platform for coaching, personal, and professional growth Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status. We do discriminate against hackers who try to exploit businesses of all sizes. Accommodations: If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com. Please note that non-accommodation requests to this inbox will not receive a response. Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights. #BI-Remote

• Use all-source intelligence (including alert feeds, traditional and social media, and in-house sources) to monitor security incidents and trends within the client’s areas of operation and locations to assess the likely impact on staff, assets, operations, events, and reputation • Support the client’s trust and safety function to monitor and respond to issues on or with the client’s platform • Escalate security incidents to client stakeholders, following efficient and rehearsed procedures. • Maintain visibility on employee movements and their proximity to notable incidents and events, advising accordingly through required reporting methods • Participate in training and drills to rehearse incident preparation and response SOPs • Support internal stakeholders with ad hoc reporting on geopolitical developments, scenario planning, forecasts and other related topics • Research and analyse a wide range of information to create insightful analysis in accordance with strict deadlines, including presenting and incorporating relevant data and visualisations • Respond to urgent official requests for action on behalf of the client, ensuring accuracy, compliance, and timely delivery • Conduct all-source investigations into people and events to identify risk indicators, establish timelines, and support operational decisions • Other duties as assigned.

• Execute hypothesis-driven threat hunts across AWS, identity, endpoint, and network telemetry, documenting findings and recommended control or detection improvements. • Build, tune, and maintain SIEM detections focused on high-risk behaviors such as IAM misuse, persistence, privilege escalation, and data access or exfiltration. • Reduce alert noise through structured tuning, baselining, and enrichment while preserving meaningful coverage. • Map detections and hunts to MITRE ATT&CK techniques to identify and close visibility gaps. • Support investigation and containment of security incidents, performing log analysis, scoping impact, and documenting findings. • Contribute to the development and refinement of incident response playbooks for common cloud and identity-based scenarios. • Produce clear after-action reports that identify root cause, control gaps, and prioritized remediation steps. • Participate in periodic tabletop or fire drill exercises to validate readiness and improve response coordination. • Participate in purple team exercises to validate detection effectiveness and help prioritize remediation of identified gaps. • Partner with offensive testing and engineering teams to translate findings into improved detections and hardened configurations. • Identify opportunities to strengthen logging, telemetry coverage, and control effectiveness across cloud and enterprise systems. • Develop lightweight automation and scripts to improve investigation speed, enrichment, and reporting consistency. • Maintain well-documented detection logic, hunt results, and response procedures to improve repeatability and team scalability. • Share threat insights and lessons learned with the broader security and engineering community through briefings or written updates.

• Monitor threats against Cisco executives and personnel via vendor intelligence feeds, law enforcement reports, and OSINT research, triaging and escalating based on an established risk matrix • Produce and deliver risk assessments and recommendations ahead of executive travel and perform active monitoring of intelligence feeds to mitigate travel disruptions and risks • Conduct security investigations and maintain awareness of persons of interest (POIs) and potential hostile actors • Draft recurring reports analyzing internal threat metrics, emerging security TTPs, and geopolitical, cyber, and physical threats that may impact leadership, assets, or operations • Contribute to ad-hoc advisories, presentations, and projects on executive security, internal risk, and travel risk management, collaborating with STO Global Security, Executive Protection teams, and partners • Coordinate with Cisco vendors, internal stakeholders, and public/private partners to refine tooling, configure intelligence feeds, and liaise on risk concerns • Provide on-site or remote intelligence support for corporate events, shareholder meetings, and high-profile engagements; assist with pre-event security planning