Threat Intelligence Researcher

Zero Networks is a fast-growing cybersecurity startup redefining how organizations protect themselves. Our Research team sits at the center of that mission - driving deep security research that shapes our product, technology, and long-term vision.

We’re looking for a Threat Intelligence Researcher to join the Research team and strengthen the intelligence that powers our product, roadmap, and defensive capabilities. In this role, you’ll monitor emerging threats, evaluate new attack techniques, validate their impact against our offerings, and help steer product and engineering direction based on real-world intelligence. You’ll work hands-on with feeds, CVEs, offensive tools, and attacker TTPs to ensure Zero Networks stays ahead of the threat landscape.

Responsibilities:

• Monitor and analyze the latest vulnerabilities, CVEs, exploits, and threat actor TTPs, with a focus on techniques relevant to microsegmentation, identity security, lateral movement, and internal reconnaissance.
• Validate new attacks and offensive techniques against our product portfolio by simulating, reproducing, and stress-testing real-world scenarios.
• Work closely with Product and Engineering to translate threat intelligence into product strategy, prioritized features, and defensive enhancements.
• Integrate external threat feeds and intelligence sources into our product - including normalization, enrichment, classification, and validation of feed relevance.
• Produce high-quality research artifacts, including reports, internal briefs, and public-facing posts that strengthen our technical presence and help customers understand the threat landscape.
• Contribute to detection logic, threat models, and internal tooling that turn intelligence into prevention and protection.
• Stay current with major industry reports, security advisories, exploit trends, and red-team tooling to proactively identify areas of exposure or opportunity.
  
  

• +3 years of proven experience in threat intelligence, threat hunting, or incident response.
• Strong understanding of attacker behaviors and frameworks such as MITRE ATT&CK, Kill Chain, and common TTPs used in internal network compromise.
• Ability to rapidly evaluate CVE relevance and exploitability, including understanding root cause, affected components, and real-world risk.
• Experience with ingesting or working with threat intelligence feeds, enrichment pipelines, or threat classification systems.
• Solid technical foundation in networking, identity protocols, or common enterprise security controls.
• Experience with scripting or automation (Python, Go, PowerShell, etc.) to process intelligence, develop PoCs, or build internal tools.
• Strong communication skills — able to explain complex threats clearly to engineering, product, and sometimes customers.
• Bonus: contributions to open-source security tools, public research, conference talks, or technical blogging.