Cyber Threat Intelligence Researcher

Vega is one of the fastest-growing startups in cybersecurity, redefining security analytics and operations with an AI-native platform for the SOC. We are building the next-generation operating system for security teams. Vega is already delivering real impact at some of the world’s largest organizations - improving detection, unlocking the value of their security data, and reducing cost and complexity. With HQs in New York and TLV, we're looking for people who want to be a part of the next rocket-ship in cyber.

We’re looking for a Cyber Threat Intelligence Researcher to join our team and help shape the future of threat detection. In this role, you’ll be at the forefront of identifying and analyzing emerging threats and influencing the evolution of Vega’s Threat Intelligence Hub.

You’ll produce original research derived from Vega’s proprietary data as well as external intelligence sources. You’ll help develop investigation scenarios, tools and threat hunting strategies that enable security teams to identify and respond to advanced threats across their entire environment. You’ll also work closely with product and engineering teams to align threat intelligence findings with Vega’s detection capabilities.

What You Will Do

• Produce actionable threat intelligence by researching threat actors, campaigns, techniques, and adversary behavior relevant to customer environments.
• Translate intelligence into outcomes by converting research and MITRE ATT&CK mappings into prioritized detections, threat hunting logic, and analysis workflows.
• Define customer-specific threat priorities, tailoring intelligence focus and onboarding based on each customer’s risk profile and environment.
• Monitor and assess emerging threats including new CVEs, active campaigns, and high-profile cyber events, prioritizing based on severity, exploitability, and customer impact.
• Influence product and platform direction by collaborating with product and engineering teams on Vega’s Threat Intelligence Hub, TIP integrations, and new use cases.
• Collaborate with threat hunting team and support the identification of security findings with relevant customers.
• Contribute to thought leadership and external impact through customer advisories, public research, blogs, webinars, open-source tools, and industry reports.
  
  

• 6+ years of hands-on experience in security operations, threat hunting, incident response, or detection engineering, working with real production telemetry.
• 2+ years of practical experience in threat intelligence research
• Strong investigative and analytical skills, including advanced threat hunting, detection validation, and tuning for signal vs. noise using large-scale log data.
• Deep understanding of adversary tradecraft, including TTPs, campaign and infrastructure analysis, attribution challenges, and distinguishing commodity from targeted threats.
• Broad knowledge of modern attack surfaces and security architectures across endpoint, identity, network, cloud, and application environments.
• Ability to operationalize threat intelligence, translating research into detections, hunting strategies, repeatable intel pipelines, and automated workflows.
• Technical proficiency in scripting or coding (e.g., Python, SQL) and use of enrichment sources such as DNS, WHOIS, sandboxing, and reputation systems.
• Strong communication and intelligence tradecraft, including clear confidence grading, articulation of assumptions and gaps, and prioritization based on business or customer risk.
• Experience collaborating and engaging externally, including working with product and engineering teams, presenting intelligence to customers or executives, and contributing to public CTI work (blogs, talks, advisories, or tools).