Role Description Nebulock has an established threat hunting function and we're growing the team. You'll be a hands-on hunter and detection contributor, working directly with our Head of Threat Hunting to execute structured hunts, validate detections, and help translate what you find in the wild into product input. You won't own methodology top-down on day one, but you'll have a direct line into shaping it as you grow into the role. Half your time is heads-down hunting across EDR, cloud, SIEM, and identity telemetry, working with design partners and stress-testing findings against real environments. The other half is partnering with detection engineering to pressure-test detection logic, validate AI-assisted workflows, and help translate hunting tradecraft into product priorities. What You'll Do - Threat Hunting (50%) - Execute structured hunts across endpoint, identity, and log telemetry: post-compromise behaviors, lateral movement, insider threat patterns - Develop and refine hunt hypotheses based on threat intel, telemetry gaps, and field findings - Contribute to Nebulock's hunting methodology and help build repeatable, productizable detection logic - Engage with design partners to tune detections, validate findings, and surface product-relevant insights - Product & Detection Engineering (50%) - Work with the detection engineering team to review and improve detection coverage - Validate and iterate on AI-assisted detection workflows and know when the model is wrong - Prototype new hunting approaches and contribute to decisions about what's worth building into the product - Translate hunt findings into structured logic, data requirements, and feature input Qualifications - 3-5 years in threat hunting, detection engineering, or incident response, with real hands-on depth in at least one of EDR, cloud, SIEM, or identity telemetry - Solid intuition for adversary behavior: you think in TTPs, not just indicators - Some experience developing or improving detection logic, not just consuming it - Comfortable operating with limited process and some ambiguity - Can communicate findings clearly to technical peers and, when needed, to customers Nice to have - Exposure to AI/ML-assisted detection workflows - Background working with or building security products - You've contributed to a hunting program beyond just executing hunts Why This Role - Real influence over methodology, tooling, and team culture as we grow - A direct line between your hunts and what ships in the product - No silos: you'll work across hunting, engineering, and customer engagements - Thought leadership opportunities: publishing research, frameworks, and hunting insights Benefits - Competitive salary and performance-based bonuses. - Flexible PTO and a remote work environment built on trust. - Comprehensive health, dental, and vision insurance. - A collaborative, agile culture that values transparency, cross-departmental teamwork, and continuous learning. - The opportunity to be a foundational member of the CS team, shaping how we support and protect our clients.

• Build and execute an enhanced CI program in support of all AFS TS+ high-risk contracts (147), with initial concentration on specific Defense and Intel SAP related programs. • Collect, evaluate, and analyze information related to insider threat indicators, foreign intelligence risks, personnel behavior anomalies, and operational security concerns. • Produce clear, concise analytic assessments ranging from tactical incident-based reporting to strategic trend analysis, adhering to analytic tradecraft standards. • Conduct research and investigations using publicly available information (PAI), social media platforms, and structured data sources. • Monitor security, personnel, and operational data for indicators of elevated risk; prepare assessments or alerts as needed. • Collaborate with security operations, legal, HR, IT security, and federal project teams on risk assessment and mitigation efforts. • Maintain situational awareness of counterintelligence, insider threat, cybersecurity, and geopolitical developments affecting AFS operations. • Support incident response, crisis monitoring, and investigative tasks assigned by RMB and S&ID leadership. • Leverage professional networks, open-source tools, and government/industry partnerships to enhance threat awareness and analytic rigor. • Help pursue and develop the appropriate tools for collecting, tracking, aggregating and analyzing risk related information and data across all available sources.

• Analizar, procesar y transformar grandes volúmenes de datos para la toma de decisiones estratégicas. • Desarrollar consultas avanzadas y optimizar procesos de extracción de información. • Implementar y monitorear procesos de web scraping y consumo de APIs. • Diseñar dashboards e indicadores en Power BI y Excel. • Generar modelos de scoring y reportes de desempeño.

• Operate and manage platforms for bid intelligence and market opportunities • Qualify leads and support sales teams with actionable insights • Conduct competitive analysis and market research