At Arctic Wolf, you will not just watch the cybersecurity industry evolve – you will help lead the change. Our global team is made up of people who thrive on solving complex problems, moving quickly, and building technology that protects organizations around the world. We are proud to be recognized by Forbes, CNBC, Fortune, CRN, Gartner Peer Insights, and International Data Corporation MarketScape. What matters most is the work behind these recognitions: delivering real outcomes for customers through award-winning innovation such as our Aurora Platform.
If you are looking for meaningful work, smart teammates, and the opportunity to make a real impact in a high-growth company that is redefining security operations, Arctic Wolf is the right place for you.
Our mission is simple: End Cyber Risk.
We are looking for a Manager, Threat Research (Adversary Emulation) to help achieve this mission.
The Manager, Threat Research will contribute to our Arctic Wolf Labs organization by leading a team focused on adversary emulation, threat research, and detection development. This team is responsible for simulating real-world adversary techniques in controlled environments and developing high-quality detection content based on host, network, cloud, and identity telemetry.
This role combines technical leadership, people management, and strategic planning to ensure the successful delivery of innovative detection capabilities that strengthen Arctic Wolf’s ability to identify and respond to emerging threats.
IN THIS ROLE, YOU WILL:
• Lead and manage a team of threat researchers and detection developers responsible for adversary emulation and detection content development
• Partner with Product Management, Security Services, Engineering, and Arctic Wolf Labs leadership to define priorities and execute against strategic roadmaps
• Develop and deliver high-quality detection content across endpoint, network, cloud, and identity attack surfaces
• Guide the team in conducting adversary emulation activities to identify detection gaps and improve security coverage
• Support the team by providing technical direction, removing obstacles, and ensuring alignment with organizational objectives
• Execute and deliver against product and research roadmaps while contributing to longer-term strategy and planning
• Collaborate with architects and engineering leaders to define and execute technical initiatives and platform improvements
• Oversee the full software development lifecycle, ensuring quality, scalability, and operational excellence
• Drive development of anomaly-based and behavior-based detections with a focus on efficacy, performance, and customer value
• Ensure compliance with information security management system requirements, secure coding standards, and acceptable use policies
• Establish and maintain strong relationships with stakeholders across product management, security operations, engineering, and customer-facing teams
• Drive continuous improvements in development processes, detection quality, automation, and team effectiveness
• Monitor team performance, delivery metrics, and project execution to ensure successful outcomes
• Lead recruitment efforts and workforce planning activities to support team growth
• Manage team budgets, training investments, conference participation, and other administrative responsibilities
• Represent Arctic Wolf through technical leadership, industry engagement, and knowledge-sharing initiatives where appropriate
YOU WILL BE SUCCESSFUL IN THIS ROLE IF:
• You have 6 or more years of experience in cybersecurity with a focus on threat research, threat detection, detection engineering, or signature development
• You have at least 3 years of experience leading technical teams within cybersecurity, threat research, penetration testing, or related disciplines
• You have experience developing detection content using host, network, cloud, and identity telemetry
• You possess strong knowledge of Windows internals, Windows event logging, and Sigma rule development
• You have experience working with cloud and identity telemetry, including Amazon Web Services CloudTrail, Microsoft Azure Activity Logs, identity providers, application programming interface activity logs, and email security telemetry
• You have a strong understanding of network protocols, network security architecture, and network monitoring technologies
• You have experience with intrusion detection and prevention systems, threat intelligence platforms, and Suricata rule development
• You are proficient in scripting languages such as Python, Bash, or PowerShell
• You have experience working with Security Information and Event Management platforms such as Splunk, Elasticsearch, or similar technologies
• You have demonstrated success developing, tuning, and optimizing anomaly-based and behavior-based detections
• You have experience leading agile software development teams and delivering complex technical projects
• You have a proven history of technical influence through public speaking, research publications, community contributions, or industry engagement
• You are passionate about mentoring others and helping detection engineers and researchers develop their technical capabilities
• You possess strong communication, organizational, and stakeholder management skills
Nice to Have:
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Professional cybersecurity certifications such as Certified Information Systems Security Professional, eLearnSecurity Junior Penetration Tester, Offensive Security Certified Professional, or Offensive Security Certified Expert
• Experience conducting adversary emulation, red team, or purple team activities
• Experience working within managed detection and response or security operations environments
• Experience scaling threat research and detection engineering programs
WHAT SUCCESS LOOKS LIKE:
• Delivery of high-quality detection content that improves Arctic Wolf’s security coverage and customer outcomes
• Successful execution of adversary emulation initiatives that identify detection opportunities and strengthen defenses
• Consistent achievement of roadmap commitments and team objectives
• High-performing teams that are engaged, motivated, and continuously developing their skills
• Measurable improvements in detection efficacy, detection quality, and operational efficiency
• Strong collaboration across Product Management, Security Services, Engineering, and Arctic Wolf Labs teams
• Successful recruitment, onboarding, and development of technical talent
• Continuous improvement of research, development, and detection engineering processes
Do not meet all the requirements? That is okay. We still encourage you to apply. We have many opportunities and are always looking for strong talent.
On-Camera Policy
To support a fair, transparent, and engaging interview experience, candidates interviewing remotely are expected to be on camera during all video interviews. Being on camera fosters authentic connection, improves communication, and allows for full engagement from both candidates and interviewers. We understand that technical, bandwidth, or location-related challenges may occasionally prevent video use. If this applies, candidates are required to notify us in advance so we can explore appropriate accommodations.
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace United States, Best Places to Work United States, Great Place to Work Canada, Great Place to Work United Kingdom, and Kununu Top Company Germany. Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 10,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand and enhance our technology, Arctic Wolf remains a trusted name in the industry.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion and value the unique perspectives all employees bring to the organization. By protecting sensitive data and working to end cyber risk, we contribute to an industry that serves the greater good.
We celebrate diverse perspectives through our Pack Unity program and encourage employees to participate in or create new alliances.
We also believe in corporate responsibility and have joined the Pledge One Percent movement to give back to our communities.
All employees receive compelling compensation and benefits packages, including:
• Equity for all employees
• Flexible annual leave, paid holidays, and volunteer days
• Training and career development programs
• Comprehensive private benefits plan including medical insurance for you and your family, life insurance equal to three times compensation, and personal accident insurance
• Fertility support and paid parental leave
Arctic Wolf is an equal opportunity employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under applicable law. We are committed to fostering a welcoming, accessible, and inclusive environment.
Security Requirements
• Conduct duties in accordance with Arctic Wolf information security policies, standards, processes, and controls
• Background checks are required for this position
• This role may require access to information protected under United States export control laws and regulations