This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for a Senior Research Engineer, Threat Intelligence, based in Canada.
This is a highly specialized, engineering-driven threat intelligence role sitting at the intersection of cybersecurity research and production-grade platform engineering. You will be responsible for transforming raw threat research into scalable, production-ready security intelligence that directly powers detection, monitoring, and risk mitigation systems used by thousands of organizations globally. The role goes beyond traditional research or engineering, requiring you to bridge both worlds by converting adversary insights, malware findings, and behavioral patterns into structured, consumable security data products. You will work closely with senior threat researchers while owning the full engineering lifecycle from research artifact to deployed detection logic or data feed. The environment is fast-paced, deeply technical, and focused on real-world impact, where accuracy, scalability, and reliability are critical. This is an opportunity to shape how global threat intelligence is operationalized at scale.
Accountabilities:
- Own the end-to-end research-to-production pipeline, converting threat research outputs into production-ready detection rules, intelligence feeds, and security signals.
- Design, build, and maintain core threat intelligence platform components including ingestion pipelines, distribution systems, sandbox orchestration, and rules engines.
- Develop and deploy detection content such as YARA rules, Sigma rules, STIX patterns, and behavioral indicators used across security products.
- Define and enforce data standards and schemas, including STIX 2.1 and TAXII 2.1, ensuring consistency across threat intelligence outputs and distribution channels.
- Build scalable systems for OSINT ingestion, adversary tracking, correlation, and enrichment across multiple data sources and telemetry streams.
- Engineer automation workflows that accelerate threat research, including indicator enrichment, malware triage, corpus correlation, and report generation.
- Implement retrieval-grounded and schema-constrained AI/LLM workflows to improve research velocity while ensuring production safety and reliability.
- Collaborate with threat researchers, platform engineers, and product teams to ensure seamless translation of research into customer-facing intelligence.
- Optimize performance, cost, and reliability of data pipelines, detection systems, and AI-assisted research workflows.
- Serve as a technical bridge between research and engineering, ensuring that outputs are production-ready, well-structured, and operationally usable.
Qualifications:
- 5–8 years of hands-on experience in software engineering, threat intelligence, detection engineering, or security research roles.
- Strong programming experience in Python and TypeScript/Node.js in production environments.
- Experience building and operating scalable data systems using cloud infrastructure (preferably AWS), CI/CD pipelines, and containerized services.
- Deep familiarity with threat intelligence standards and frameworks including STIX 2.1, TAXII 2.1, MITRE ATT&CK, and optionally MISP.
- Hands-on experience creating and operationalizing detection logic using YARA, Sigma, and STIX-based patterns.
- Strong understanding of security data pipelines, adversary behavior analysis, and malware/infrastructure intelligence.
- Proven experience building production systems that integrate or generate threat intelligence data at scale.
- Practical experience using LLMs in production systems, including retrieval-augmented generation, structured outputs, evaluation frameworks, and prompt safety.
- Strong analytical mindset with the ability to validate model outputs against real-world constraints and adversarial conditions.
- Excellent communication skills with the ability to translate between research, engineering, and product stakeholders.
- Bonus: Experience with policy-as-code (OPA/CEL), large-scale telemetry systems, or open-source threat intel tools like OpenCTI or Sigma.
Benefits:
- Competitive compensation in CAD with performance-based bonus opportunities
- Equity participation in a global cybersecurity platform
- Comprehensive health, dental, and vision insurance
- Unlimited PTO and generous parental leave policies
- Tuition reimbursement and professional development support
- Remote-friendly work environment within Canada
- Opportunity to work on cutting-edge threat intelligence and security research at global scale
- Inclusive, research-driven engineering culture with strong emphasis on innovation and impact