Threat Researcher

Guardio is on a mission to redefine consumer cybersecurity for the modern internet.



We operate at consumer scale, protecting millions of people every day across devices, accounts, and digital touchpoints. In a world where phishing, fraud, and AI-powered scams evolve overnight, Guardio stays ahead of the curve.

We move fast, think deeply, and build with purpose. Our culture is rooted in transparency, feedback, and collaboration along with shared wins, team dinners, company trips, and good times.

We’re a team of 100+ makers, doers, and boundary-breakers. If you’re ready to tackle meaningful challenges, grow at lightning speed, and help shape the next frontier of online safety, you belong here.

Let's cut to the chase. What's the job?

We are looking for a Threat Researcher to join the Guardio Labs team, our research group responsible for uncovering emerging threats, mapping attacker techniques, and fueling Guardio’s protection engine.

In this role, you’ll investigate real-world malicious activity, uncover how attacks operate across the web and email ecosystem, and turn your findings into actionable detections and product protections that directly safeguard millions of users.

You will:

• Investigate threat leads end-to-end, including phishing, scam emails, malvertising, shopping scams, compromised servers/services, and social-engineering campaigns across messaging apps, social networks, and more.
• Build and maintain Guardio’s threat knowledgebase, continuously generating new insights, tracking trends, and discovering never-seen-before techniques.
• Collaborate with security analysts, backend engineers, and product teams to translate research into meaningful protections, new detections, and real user value.
• Use Guardio’s internal intelligence, OSINT sources, network tools, URL/website analysis platforms, DNS data, and custom automation to uncover attacker infrastructure, variants, and TTPs.
• Reverse-engineer malicious services, scripts, and payloads to understand functionality, obfuscation, attack flow, and user-impact.
• Analyze emails, raw headers, SMTP metadata, infrastructure, and propagation patterns to connect related threat components and expand root campaigns.
• Query, process, and analyze large-scale datasets using tools like BigQuery, SQL, and pandas to identify patterns, generate new leads, and validate hypotheses.
• Enjoy a high level of autonomy in a fast-paced environment where your discoveries have immediate product and user impact.
  
  

• 2+ years of experience in security research, threat intelligence, OSINT investigations, or equivalent hands-on experience from CTFs, side projects, or bug bounty work.
• Strong familiarity with browsers, DOM, JavaScript, and DevTools, especially for analyzing malicious behavior, obfuscation, and evasion techniques.
• Hands-on experience writing scripts or tools (Python/JavaScript) for automation, data parsing, scanning, crawling, or intel collection.
• Understanding of network fundamentals: DNS, WHOIS, HTTP/S flows, redirects, proxies, IP ranges, hosting patterns, and routing behavior.
• Curiosity or experience in email threat analysis: SMTP headers, MIME structure, SPF/DKIM/DMARC, phishing techniques, and delivery patterns.
• Comfortable using tools like Burp Suite, URLScan, VirusTotal, Shodan, and similar OSINT/intel tools.
• Experience analyzing datasets using SQL, BigQuery, or pandas, with the ability to spot trends and anomalies in noisy data.
• Strong analytical mindset with a hunter-style approach, persistence, and the drive to follow leads wherever they go.
  
  

• Over 1 million users mean we get A LOT of threat leads and unique insights
• We use lots of Python, BigQuery, and vibe-code our brains out!
• We build our own research tools and analysis platforms.
• But we also love using Chrome DevTools, Burp, VirusTotal, URLScan and every OSINT trick in the book.
• Thinking of a great addition? Let’s do it!