Senior Threat Researcher II

Sumo Logic • Remote (Remote, USA) • 1m ago

Why This Job is Featured on The SaaS Jobs

Threat research sits at the intersection of product security, detection engineering, and customer outcomes—an increasingly central function for SaaS platforms that operate cloud SIEM and log analytics at scale. This role is featured because it contributes directly to the detection content that ships to a multi-tenant security product, turning real-world adversary behavior into practical rules that protect a broad customer base across varied cloud environments.

For a long-term SaaS security career, the work builds durable strengths: translating research into deployable content, validating detections in lab infrastructure, and iterating based on telemetry. The collaboration with product management and engineering also reflects how modern SaaS security teams influence roadmap decisions through practitioner feedback, rather than operating as a standalone research function. Experience spanning AWS/Azure/GCP log sources and multiple tech stacks is particularly portable across security vendors and cloud-native software companies.

This position tends to suit senior practitioners who prefer hands-on investigation and content development, and who enjoy balancing independent research with cross-functional alignment. It also fits professionals motivated by publishing and community contribution, where external writing or talks complement internal impact without being the primary deliverable.

The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.

Job Description

Senior Threat Researcher II

Sumo Logic Threat Labs is a team of security experts responsible for developing and applying cyber threat intelligence, technology, hunting, and tradecraft to research and develop threat detections for Sumo Logic Cloud SIEM customers. Threat Labs is by design a fast-paced, demanding, and mission-focused team. Sumo Logic is in search of an experienced and visionary Manager for Threat Labs.

Threat Labs is looking for a senior-level threat researcher to join us in defending multiple organizations and technologies, by researching and creating detection content for Sumo Logic. This individual must love data (logs), and understand the role modern SIEM plays in organizations today; additionally, they must understand the importance of applying practitioner experience in helping customers do the job they need to do with SIEM. Threat Labs research includes exploration and exploitation of various cloud technologies, to create high quality practical detections. We’re looking for someone who can build out, test, and help us push the envelope on research driven detections.

Responsibilities

Research, Develop, and Test detection rules within lab infrastructure
Work with product management to identify focus of research and development campaigns
Maintain and expand threat research lab infrastructure
Provide practitioner feedback to engineering and product management regarding features and roadmap
Research industry trends for detection opportunities
Contribute to the community through blogs, conference talks, open source projects etc.
Align with Threat Detection Engineering on content development efforts and deployment

Requirements

8+ years of cybersecurity experience
- Ideally a combination of the following:
  - Senior/Principal SOC Analyst
  - Purple Team and/or hunting
  - Incident response
Experience sourcing threat detections from research to deployment
Knowledgeable of multiple technology stacks and willingness to learn new technologies
Experience working in at least one public cloud (AWS, Azure, GCP)
Experience analyzing cloud infrastructure log telemetry
Contributed cybersecurity blogs or linkedIn posts, and conference talks

Desirable

Experience in customer facing technical role (consulting, IT help desk/remote support)
Offensive cybersecurity tool experience (Atomic Red Team, Sliver, Cobalt Strike etc)
Scripting experience (Python, PowerShell, etc)
Experience with Security Orchestration, Automation, and Response (SOAR) technology
Established social media presence in the cybersecurity industry/community (Twitter and the like)
Experience working within the cybersecurity vendor industry, with an understanding of product management and providing feedback into the process

About Us

Sumo Logic, Inc. helps make the digital world secure, fast, and reliable by unifying critical security and operational data through its Intelligent Operations Platform. Built to address the increasing complexity of modern cybersecurity and cloud operations challenges, we empower digital teams to move from reaction to readiness—combining agentic AI-powered SIEM and log analytics into a single platform to detect, investigate, and resolve modern challenges. Customers around the world rely on Sumo Logic for trusted insights to protect against security threats, ensure reliability, and gain powerful insights into their digital environments. For more information, visit www.sumologic.com.

Sumo Logic Privacy Policy. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.

The expected annual base salary range for this position is $141,000 - $165,000. Compensation varies based on a variety of factors which include (but aren’t limited to) role level, skills and competencies, qualifications, knowledge, location, and experience. In addition to base pay, certain roles are eligible to participate in our bonus or commission plans, as well as our benefits offerings.

Must be authorized to work in the United States at time of hire and for duration of employment. At this time, we are not able to offer nonimmigrant visa sponsorship for this position.