Description
Our Threat Intelligence team focuses on defending our organization and our customers by cutting through the noise and identifying who’s targeting us and what emerging threats we need to prepare for. Our team includes those who have faced nation state, eCrime, and other types of adversaries in threat intelligence, incident response, and/or threat detection functions in past lives. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.
Role Description:
As a Principal Threat Researcher (Counter-Threat Ops), you don't just track threats—you neutralize them. You are a key pillar of the Threat Intelligence (TI) team, specifically focused on the art of adversary disruption. You will lead the charge in identifying, tracking, and imposing friction on threat actors targeting the Salesforce ecosystem. This is a "hands-on-keyboard" technical leadership role as an individual contributor. You will perform deep-dive research across massive datasets to extract tactics, techniques and procedures (TTPs), build complex attacker profiles, and turn that intelligence into action. Whether you are partnering with hyperscalers to take down attacker infrastructure or working alongside multi-national law enforcement to support criminal prosecution, your goal is to make it expensive and dangerous for adversaries to operate against Salesforce and our Customers.
Responsibilities
Adversary Disruption & Denial: Lead initiatives to disrupt threat actor operations by leveraging Salesforce infrastructure and strategic partnerships with hyperscalers (AWS, GCP, Azure), CDNs, and network security providers.
Law Enforcement Collaboration: Develop high-fidelity technical evidence and attribution data to support US and European law enforcement in the successful criminal prosecution of threat actors.
Strategic Intelligence Ecosystem: Deepen Salesforce’s reach into the broader cyber intelligence community, fostering peer-to-peer partnerships with other industry disruption teams to build a collective defensive picture.
Advanced Threat Tracking: Perform expert-level tracking of advanced e-crime and state-sponsored actors, distilling complex tactics, techniques, and procedures (TTPs) into actionable intelligence for executives and technical stakeholders.
Tactical Tooling & Automation: Build custom scripts, investigative tools, and automation (Python, SQL, Splunk) to scale research and enable "on-the-fly" analysis during active campaigns or incident response.
Technical Mentorship: Serve as a technical mentor on the Threat Intelligence team, guiding junior researchers and driving the direction of investigations through deep subject matter expertise. You will be collaborating on this with
Cross-Functional Influence: Act as a central bridge between Incident Response, Security Engineering, and Platform Defense to ensure intelligence directly hardens our environment.
Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow: push the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Critically evaluate code (human- or AI-generated) for correctness, quality, security, and performance.
Minimum Requirements:
You have recognized, first-hand knowledge of how advanced adversaries operate and their tactics, techniques, and procedures (TTPs), with a focus on AWS, GCP, Azure, and other cloud providers
10+ years of hands-on experience identifying, tracking, and disrupting advanced cyber threat actors (government-backed and advanced e-crime adversaries), including successful referrals to international Law Enforcement agencies
5+ years hands-on experience with strategic intelligence writing and standard conventions (BLUF, Diamond Model, MITRE ATT&CK), with a proven track record of authoring dozens of research articles and public-facing blog posts
Established threat intelligence practitioner and active member of private, invite-only Information Security trust groups with extensive industry and community contacts
Experience with Cyber Threat Intelligence writing for technical, non-technical, and executive audiences, ideally with threat briefings, threat reports, blog posts, or similar finished intelligence
A capable oral and written communicator, you are able to engage others in the business at multiple levels to translate threat research into actionable recommendations to shape strategy and decisions
Experience conducting and correlating threat research using OSINT and proprietary tools, including infrastructure analysis, malware telemetry, and full attack lifecycle tracking
You operate autonomously to drive projects and have experience mentoring and supporting junior analysts in a globally distributed or remote team environment
You have an understanding of existing and emerging threats to organizations spanning multiple industries and threat profiles
3+ years experience scripting, automating, and building investigative tooling (Python, Bash, SQL, Splunk) and using YARA or Sigma for threat hunting
Identify patterns and trends across various data sources and distill findings concisely
A demonstrated, genuine AI-first approach to engineering: using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty
Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows
Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
A related technical degree is required
Preferred Requirements:
Extensive experience collaborating with global law enforcement agencies (e.g., FBI, Europol) on attribution and evidence collection resulting in successful prosecutions and takedowns
Experience using Threat Intelligence Platforms, and building integrations with these platforms
Extensive experience using Machine Learning automation for the detection and disruption of high-harm groups and platform-based abuse
Deep familiarity with reverse engineering, malware analysis, and knowledge of underground communities
Experience with security analysis tools (Jupyter notebooks, Splunk, ElasticSearch, etc)
Extensive experience with uncovering threats in AWS, Microsoft Azure, and Google Cloud
Expert-level use of hunting/IR tools for host and network analysis
Recognized industry leader in the threat intelligence community
You have performed all of the above "at scale" in a large, complex environment
