Senior Threat Researcher - Endpoint/Cloud
About the role
At Arctic Wolf, you will not just watch the cybersecurity industry evolve – you will help lead the change. Our global team is made up of people who thrive on solving complex problems, moving quickly, and building technology that protects organizations around the world. We are proud to be recognized by Forbes, CNBC, Fortune, CRN, Gartner Peer Insights, and International Data Corporation MarketScape. What matters most is the work behind these recognitions: delivering real outcomes for customers through award-winning innovation such as our Aurora Platform.
If you are looking for meaningful work, smart teammates, and the opportunity to make a real impact in a high-growth company that is redefining security operations, Arctic Wolf is the right place for you.
Our mission is simple: End Cyber Risk.
We are looking for a Senior Detection Developer - Endpoint / Cloud to help achieve this mission.
The Senior Detection Developer will contribute to our Detection Engineering organization by developing, maintaining, and enhancing advanced security detections across endpoint, cloud, and network environments. This role will focus on building high-quality detection content, improving detection efficacy, researching emerging threats, and delivering actionable intelligence that helps protect Arctic Wolf customers from evolving cyber threats.
IN THIS ROLE, YOU WILL:
Develop and maintain high-quality custom detection rules across endpoint, cloud, and network environments
Research emerging threats, attack techniques, and telemetry sources to improve detection coverage and effectiveness
Design, develop, and continuously improve anomaly-based and behavioral-based detections
Conduct code reviews and provide constructive feedback to ensure code quality, maintainability, and scalability
Troubleshoot, debug, and enhance existing detection and signature codebases
Participate in the full software development life cycle by building secure, efficient, testable, and maintainable detection content
Collaborate with team members to develop innovative detections and continuously tune existing detection capabilities
Propose improvements to detection coverage, efficacy, and overall security visibility
Build runbooks, reports, documentation, and supporting materials for detection surfaces
Document research findings and share knowledge across engineering, security operations, and research teams
Communicate technical concepts and security findings effectively to both technical and non-technical audiences
Continuously learn and adopt industry best practices in software development, detection engineering, and cybersecurity
Participate in research and development demonstrations, innovation initiatives, and annual hackathon events that contribute to future product capabilities
YOU WILL BE SUCCESSFUL IN THIS ROLE IF:
You have 6 or more years of experience authoring and maintaining security detections
You have strong expertise in endpoint, cloud, or network detection and signature development
You have experience developing anomaly-based and behavioral-based detections
You have extensive experience tuning and optimizing detections to improve fidelity and reduce false positives
You possess deep knowledge of networking concepts, protocols, and authentication technologies including Transmission Control Protocol/Internet Protocol, Domain Name System, Lightweight Directory Access Protocol, and New Technology LAN Manager
You have proven experience researching and developing detections related to network-based threat vectors
You have experience using MITRE ATT&CK, packet capture analysis, and threat intelligence sources to drive detection development
You have strong knowledge of cybersecurity principles, threat detection methodologies, and adversary behaviors
You have experience working with security monitoring and detection technologies within Managed Detection and Response environments
You are passionate about solving complex security challenges and continuously improving detection capabilities
Helpful to Have:
Experience developing Security Information and Event Management detections
Experience creating Endpoint Detection and Response detections and signatures
Experience authoring Sigma and YARA rules
Experience developing cloud security detections
Experience with programming languages such as Python, Go, Java, or C++
Experience with Test Driven Development methodologies
Experience using DevOps practices, tooling, and automation frameworks
Experience applying secure software development practices
Experience building and deploying solutions in cloud environments including Amazon Web Services, Microsoft Azure, and Google Cloud Platform
Experience working with Kubernetes, containers, infrastructure-as-a-service, and platform-as-a-service technologies
Experience working within Agile software development methodologies including Scrum and Kanban
Experience with Next Generation Firewall technologies from vendors such as Palo Alto Networks, Cisco, or Fortinet
Experience using open-source intrusion detection, intrusion prevention, and network security monitoring technologies such as Zeek or Suricata
Do not meet all the requirements? That is okay. We still encourage you to apply. We have many opportunities and are always looking for strong talent.
On-Camera Policy
To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews. Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers. We understand that technical, bandwidth, or location-related challenges may occasionally prevent video use. If this applies, candidates are required to notify us in advance so we can explore appropriate accommodations.
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace United States, Best Places to Work United States, Great Place to Work Canada, Great Place to Work United Kingdom, and Kununu Top Company Germany. Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 10,000 customers worldwide and more than 2,000 channel partners globally. As we continue to enhance our technology, Arctic Wolf remains a trusted name in the industry.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion and value the unique perspectives all employees bring to the organization. By protecting sensitive data and working to end cyber risk, we contribute to an industry that serves the greater good.
We celebrate diverse perspectives through our Pack Unity program and encourage employees to participate in or create new alliances.
We also believe in corporate responsibility and have joined the Pledge One Percent movement to give back to our communities.
All employees receive compelling compensation and benefits packages, including:
Equity for all employees
Flexible annual leave, paid holidays, and volunteer days
Training and career development programs
Comprehensive private benefits plan including medical insurance for you and your family, life insurance equal to three times compensation, and personal accident insurance
Fertility support and paid parental leave
Security Requirements
Conduct duties in accordance with Arctic Wolf information security policies, standards, and controls
Background checks are required for this position
This role may require access to information protected under United States export control laws and regulations