Director, Threat Research

Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters.
Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.

At Illumio, we’re pioneering cybersecurity innovation with our Illumio Insights platform, which leverages a dynamic security graph built from network flows, workload inventories, identity data, threat data, and vulnerability data. This graph enables essential functions such as breach risk detection, network segmentation assessment, active breach identification, and intelligent policy recommendations. To accelerate our product evolution and establish market-leading threat intelligence capabilities, we’re building a world-class, data-driven Threat Research function.

We are seeking a hands-on Head of Threat Research to build and lead this new team from the ground up. You will serve as the long-term subject matter expert and strategic leader for the Illumio Insights product team, translating real-world threats and large-scale security datasets into actionable insights that drive product enhancements, detection logic, data enrichment, and customer risk reduction. This role starts with deep individual-contributor work and quickly expands into team-building, thought leadership, and external publishing.
This is a rare opportunity to shape a critical new function at the intersection of threat intelligence, product innovation, and security graph analytics.

• Define the team charter, research roadmap, operating model, and success metrics focused on measurable product impact and customer risk reduction.

• Design processes that transform large-scale security datasets into high-value insights, including structured feedback loops with Product, Engineering, and Security teams.

• Establish quality standards, documentation practices, and research methodologies tailored to our security graph platform.

• Build and track KPIs that demonstrate tangible improvements in detection efficacy, segmentation posture, and breach containment.

Hands-On Threat Research and Analysis

• Personally analyze large-scale security datasets to uncover attacker behaviors, TTPs (Tactics, Techniques, and Procedures), emerging risks, and misconfigurations.

• Leverage the security graph to model attack paths, recommend segmentation strategies that reduce the risk of lateral movement, and identify opportunities for stronger breach containment.

• Map findings to MITRE ATT&CK and real-world adversary tradecraft; develop and validate hypotheses about evolving threats.

• Create internal threat models and risk frameworks that directly inform detection logic, data enrichment, graph quality, and policy recommendations.

Product, Customer, and Strategic Impact

• Partner closely with Product Management and Engineering to translate research into concrete enhancements: improved detection algorithms, data tagging, analytics, and customer-facing risk insights.

• Collaborate with Customer Success, Field teams, and executives to communicate emerging threats observed in aggregate data and their implications for segmentation strategy.

• Influence product roadmap decisions and help position Illumio Insights as the industry benchmark for proactive threat-informed security.

Scale and Lead the Team

• Hire, mentor, and grow a high-performing Threat Research team over time.

• Evolve the function from internal product-focused research into broader external thought leadership (publications, conference talks, industry reports).

• Foster a culture of curiosity, rigor, and impact-driven research.

• 10+ years of experience in threat research, detection engineering, incident response, or threat intelligence, with a proven track record of hands-on technical work.

• Prior experience as a manager or senior individual contributor who has successfully built or scaled a threat research capability from scratch.

• Deep expertise in attacker tradecraft, real-world TTP mapping (MITRE ATT&CK), IOC analysis, and incident response processes.

• Strong experience working directly with Product and Engineering teams in a security product company or vendor environment.

• Demonstrated ability to analyze security telemetry and translate complex findings into product improvements and business-relevant insights.

• Excellent written and verbal communication skills, including executive briefing experience.

Preferred Qualifications

• Background in graph-based analytics, security graphs, or network segmentation/zero-trust environments.

• Hands-on experience with large-scale telemetry analysis and detection engineering.

• Familiarity with data science or ML techniques applied to threat detection.
  Track record of publishing threat research or speaking at industry conferences.

• Previous leadership role at a cybersecurity product company (endpoint, network security, or analytics-focused vendor).

• Experience integrating external threat intelligence and vulnerability data into product features.

• Public thought leadership portfolio (blogs, reports, talks, or open-source contributions).

Who You Are

• A researcher at heart who thrives on diving into raw data to uncover hidden patterns and real-world attacker behaviors.

• A pragmatic builder who can deliver immediate product value while simultaneously designing a scalable, world-class function.

• Equally comfortable in deep technical analysis and high-level executive or customer conversations.

• A collaborative leader excited to turn cutting-edge threat research into measurable product differentiation and customer protection.

• Passionate about bridging real-world threats with innovative security graph technology to stay ahead of adversaries.

#LI-PO1 #LI-ONSITE

Our Commitment

Illumio believes that an environment of unique backgrounds, experiences, viewpoints, and individual contributions creates a culture of belonging, drives our future, and makes us stronger together in support of our customers and their success.

All official job offers from our company are extended directly by our recruitment team and will be sent through an official E-Signature document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details or social security numbers. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a background check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience.

For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Illumio will consider for employment qualified applicants with arrest and conviction records.