Lead Threat Hunter

Nebulock is an agentic threat hunting platform that autonomously surfaces behaviors, not just IOCs, from various data sources. Nebulock acts like a teammate: a 24/7 AI threat hunter that investigates hypotheses, reasons through telemetry, and learns from an environment. Today, threat hunting is broken. Security teams spend weeks chasing alerts, writing detections by hand, and manually validating findings often just to confirm what their existing tools already flagged. Meanwhile, attackers exploit credentials, move laterally, and operate in silence. Nebulock flips the model. We continuously and autonomously hunt across endpoint, identity, and cloud telemetry. We identify the subtle behavioral signals that point to credential misuse, lateral movement, insider threats, and post-access activity. Then we turn those hunts into hardened, behavior-based detections automatically.

Nebulock has an established threat hunting function and we're growing the team.

You'll be a hands-on hunter and detection contributor, working directly with our Head of Threat Hunting to execute structured hunts, validate detections, and help translate what you find in the wild into product input. You won't own methodology top-down on day one, but you'll have a direct line into shaping it as you grow into the role.

Half your time is heads-down hunting across EDR, cloud, SIEM, and identity telemetry, working with design partners and stress-testing findings against real environments. The other half is partnering with detection engineering to pressure-test detection logic, validate AI-assisted workflows, and help translate hunting tradecraft into product priorities.

Threat Hunting (50%)

• Execute structured hunts across endpoint, identity, and log telemetry: post-compromise behaviors, lateral movement, insider threat patterns

• Develop and refine hunt hypotheses based on threat intel, telemetry gaps, and field findings

• Contribute to Nebulock's hunting methodology and help build repeatable, productizable detection logic

• Engage with design partners to tune detections, validate findings, and surface product-relevant insights

Product & Detection Engineering (50%)

• Work with the detection engineering team to review and improve detection coverage

• Validate and iterate on AI-assisted detection workflows and know when the model is wrong

• Prototype new hunting approaches and contribute to decisions about what's worth building into the product

• Translate hunt findings into structured logic, data requirements, and feature input

• 3-5 years in threat hunting, detection engineering, or incident response, with real hands-on depth in at least one of EDR, cloud, SIEM, or identity telemetry

• Solid intuition for adversary behavior: you think in TTPs, not just indicators

• Some experience developing or improving detection logic, not just consuming it

• Comfortable operating with limited process and some ambiguity

• Can communicate findings clearly to technical peers and, when needed, to customers

• Exposure to AI/ML-assisted detection workflows

• Background working with or building security products

• You've contributed to a hunting program beyond just executing hunts

• Real influence over methodology, tooling, and team culture as we grow

• A direct line between your hunts and what ships in the product

• No silos: you'll work across hunting, engineering, and customer engagements

• Thought leadership opportunities: publishing research, frameworks, and hunting insights

• Competitive salary and performance-based bonuses.

• Flexible PTO and a remote work environment built on trust.

• Comprehensive health, dental, and vision insurance.

• A collaborative, agile culture that values transparency, cross-departmental teamwork, and continuous learning.

• The opportunity to be a foundational member of the CS team, shaping how we support and protect our clients.