Build Your Career.
Not Someone Else's
Headcount.

About the Role

We're looking for someone early in their career who wants to build real detection skills alongside practitioners who've been doing this for years. You'll be working in a managed detection environment, triaging alerts, investigating incidents, and learning detection engineering from people who write the rules — not just apply them. Your hiring manager is Renata Osei, a 7-year AllThreats veteran who was promoted from this exact role.

What You'll Actually Do

• Monitor and triage security alerts across managed client environments (target: 40–60 alerts per shift, with full support from the team)
• Investigate escalated alerts with guidance from senior analysts — no solo decision-making on your first month
• Write incident reports for internal use; client-facing documentation comes after 60 days when you're ready
• Participate in detection rule review sessions — you'll contribute ideas, not just execute tickets
• Attend at least one team knowledge share per month; you're expected to bring questions, not just answers
• Paired mentorship with a senior analyst for your first 6 months — named, scheduled, not optional

What We're Looking For

• 0–2 years of experience in a security environment — internships, labs, home labs, and student SOC programs count
• Familiarity with SIEM concepts (you don't need to be a Splunk expert yet — you'll learn on the job)
• Basic understanding of network protocols and log analysis; curiosity to go deeper
• Security+ or equivalent knowledge base (certification not required at hire — we'll fund it within 90 days)
• Ability to communicate clearly under pressure and ask for help when you need it
• Eligible to work in the US — we do not require a clearance for this role

Shift & Compensation

• Rotating shifts across a 5-team schedule — you'll know your schedule 4 weeks in advance
• Night and weekend shifts are compensated with a 15% differential — on top of base salary, not instead of PTO
• On-call is not required for Analyst I. You'll opt into an on-call rotation after 12 months, with additional pay.
• Shift swaps are supported and encouraged — we don't penalize people for having lives

Benefits — All Published, No Surprises

About the Role

This role sits on the ThreatMap intelligence team producing finished intelligence products for our enterprise client base. You'll work with a named team of analysts, have direct access to clients, and contribute to the detection logic that our MDR clients depend on. Devon Choi leads this team — they've been at AllThreats for 6 years, were promoted twice, and built most of the frameworks you'll be using.

What You'll Actually Do

• Produce finished intelligence products — threat actor profiles, campaign reports, executive briefs — for 8–12 named clients
• Monitor collection sources (open, closed, and proprietary via ThreatMap) and synthesize signals into actionable intelligence
• Map threat actor TTPs to MITRE ATT&CK and collaborate with Detection Engineering on rule development
• Participate in client briefings — you'll present your own work, not hand it to an account manager
• Contribute to team methodology documentation; your analysis frameworks become team assets
• On-call rotation is approximately 1 week per 8-week cycle, fully disclosed and compensated at 1.25x base rate

What We're Looking For

• 2–3 years of experience in threat intelligence, security analysis, or a related field
• Demonstrated ability to write finished intelligence products — not just raw analysis
• Familiarity with MITRE ATT&CK and intelligence tradecraft fundamentals
• Curiosity about threat actor motivations, not just their tools
• GREM, GCTI, or equivalent is a genuine plus — not a screen-out if absent
• No clearance required — cleared candidates welcome but this role does not require access to classified material

Benefits — All Published, No Surprises

About the Role

This role supports recruiting across AllThreats — primarily for technical positions in Security Operations, Threat Intelligence, and Detection Engineering. You'll manage 8–12 open requisitions at a time (not 20–30), with dedicated coordinator support, and your success is measured on quality of hire and candidate experience — not just offer acceptance rate. Adriana Orellana leads this team and has been at AllThreats for 5 years recruiting for roles she'd take herself.

What You'll Actually Do

• Own full-cycle recruiting for 8–12 open roles — technical screening included, not outsourced to hiring managers
• Partner with hiring managers to define role requirements before posting, not after candidates are already in process
• Provide structured feedback to every candidate who reaches a phone screen — form letter feedback is a last resort, not a first response
• Source proactively using LinkedIn, community events, and referrals — we don't rely entirely on inbound
• Contribute to structured interview design for your requisitions — you help set the criteria, you don't just schedule
• Participate in at least one DEI sourcing initiative per quarter — with dedicated time, not as an afterthought

What We're Looking For

• 2–4 years of full-cycle recruiting experience; cybersecurity or technical recruiting a plus, not a requirement
• Track record of providing structured candidate feedback — not just offer/decline
• Comfort managing ambiguity without managing it by just filling roles fast
• Genuine curiosity about the technical roles you'll be recruiting for — you don't need to be an analyst, but you should want to understand what one does
• Experience with Greenhouse or similar ATS
• SHRM-CP or equivalent is a nice-to-have — we'll support you in getting it if not

How We Measure Success

• Offer acceptance rate and quality-of-hire ratings from hiring managers at 90 days
• Candidate experience scores (we survey every candidate who reaches a phone screen)
• Time-to-fill, weighted against requisition complexity — we don't compare a SOC Analyst I to a VP Engineering
• Diversity of interview slate — we track this and hold it as a success metric, not just a nice-to-have

Benefits — All Published, No Surprises

About the Role

Detection Engineering at AllThreats means writing rules that actually matter — tuned to real threat actors, validated against our MDR client environments, and continuously improved based on what our TI team is seeing. You'll own your detection logic end-to-end, contribute to purple team exercises, and have direct access to the threat intelligence that informs your work. This is a practitioner role with real ownership, not a support function.

What You'll Actually Do

• Develop, test, and maintain detection rules across SIEM and EDR environments for our MDR clients
• Analyze alert performance data and tune detection logic — you'll own the feedback loop, not just execute tickets
• Collaborate with the TI team to translate threat actor TTPs into detection coverage — the intel team sits 10 feet away (or on Slack)
• Participate in quarterly purple team exercises to validate your detection coverage against real attack scenarios
• Contribute to runbook development and team documentation — you own what you build
• On-call rotation approximately 1 week per 8-week cycle — compensated at 1.25x base rate, disclosed upfront, not buried

What We're Looking For

• 1–3 years of experience in detection engineering, SOC analysis, or security research
• Working knowledge of SIEM query languages (SPL, KQL, or Sigma — we'll teach you the others)
• Scripting ability in Python or similar — you don't need to be a developer, but you should be comfortable writing automation
• Familiarity with MITRE ATT&CK and its application to detection logic
• GCIA or GCFE preferred but not required at hire — we'll fund the certification within your first year
• Cloud environment exposure (AWS, Azure, or GCP) is useful — deep expertise is not required at this level

Benefits — Full Disclosure