Senior Threat Researcher II

Sumo Logic Threat Labs is a team of security experts responsible for developing and applying cyber threat intelligence, technology, hunting, and tradecraft to research and develop threat detections for Sumo Logic Cloud SIEM customers. Threat Labs is by design a fast-paced, demanding, and mission-focused team. Sumo Logic is in search of an experienced and visionary Senior Threat Researcher II for Threat Labs.

Threat Labs is looking for a senior-level threat researcher to join us in defending multiple organizations and technologies, by researching and creating detection content for Sumo Logic. This individual must love data (logs), and understand the role modern SIEM plays in organizations today; additionally, they must understand the importance of applying practitioner experience in helping customers do the job they need to do with SIEM. Threat Labs research includes exploration and exploitation of various cloud technologies, to create high quality practical detections. We’re looking for someone who can build out, test, and help us push the envelope on research driven detections.

Responsibilities

• Research, Develop, and Test detection rules within lab infrastructure

• Work with product management to identify focus of research and development campaigns

• Maintain and expand threat research lab infrastructure

• Provide practitioner feedback to engineering and product management regarding features and roadmap

• Research industry trends for detection opportunities

• Contribute to the community through blogs, conference talks, open source projects etc.

• Align with Threat Detection Engineering on content development efforts and deployment

Requirements

• 8+ years of cybersecurity experience

• Ideally a combination of the following:

• Senior/Principal SOC Analyst

• Purple Team and/or hunting

• Incident response

• Experience sourcing threat detections from research to deployment

• Knowledgeable of multiple technology stacks and willingness to learn new technologies

• Experience working in at least one public cloud (AWS, Azure, GCP)

• Experience analyzing cloud infrastructure log telemetry

• Contributed cybersecurity blogs or linked In posts, and conference talks

Desirable

• Experience in customer facing technical role (consulting, IT help desk/remote support)

• Offensive cybersecurity tool experience (Atomic Red Team, Sliver, Cobalt Strike etc)

• Scripting experience (Python, PowerShell, etc)

• Experience with Security Orchestration, Automation, and Response (SOAR) technology

• Established social media presence in the cybersecurity industry/community (Twitter and the like)

• Experience working within the cybersecurity vendor industry, with an understanding of product management and providing feedback into the process

About Us

Sumo Logic, Inc. helps make the digital world secure, fast, and reliable by unifying critical security and operational data through its Intelligent Operations Platform. Built to address the increasing complexity of modern cybersecurity and cloud operations challenges, we empower digital teams to move from reaction to readiness—combining agentic AI-powered SIEM and log analytics into a single platform to detect, investigate, and resolve modern challenges. Customers around the world rely on Sumo Logic for trusted insights to protect against security threats, ensure reliability, and gain powerful insights into their digital environments. For more information, visit www.sumologic.com.

Sumo Logic Privacy Policy. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.

The expected annual base salary range for this position is $141,000 - $165,000. Compensation varies based on a variety of factors which include (but aren’t limited to) role level, skills and competencies, qualifications, knowledge, location, and experience. In addition to base pay, certain roles are eligible to participate in our bonus or commission plans, as well as our benefits offerings.

Must be authorized to work in the United States at time of hire and for duration of employment. At this time, we are not able to offer nonimmigrant visa sponsorship for this position.