Job Summary

About Team

Rubrik Zero Labs is on a mission to deliver actionable, vendor-agnostic insights to reduce data security risks. We assess real-world cyber threats to advance cyber resilience best practices for global organizations.

About the Role

We are assembling a new, elite threat research and intelligence team under Rubrik Zero Labs  with a singular mandate: to provide the industry’s most advanced visibility into the adversary landscape. Unlike traditional teams limited by transient network or endpoint signals, we will leverage vast reservoirs of backup data to detect and expose latent and highly evasive threats that dwell silently within the environment. We are not just building a team; we are building a capability designed to rival the world’s premier intelligence units by turning data itself into our most powerful sensor.

As a Staff Threat Researcher, you will be one of the founding architects of this mission. You won't just analyze threats; you will define the methodologies, build the infrastructure, and set the standard for how the organization detects, attributes, and exposes global cyber threats. This is an opportunity for a seasoned threat researcher to leave their mark on the industry by building the technical foundation of a world-class unit from the ground up.

What you'll Do

    • Hunt the Unknown: Lead deep-dive investigations into advanced persistent threats (APTs), nation-state actors, and complex cybercrime syndicates. 
    • Decode the AI Threat Landscape: Pioneer research into the weaponization of Artificial Intelligence. You will investigate adversarial AI tactics—from LLM-assisted malware generation and deepfakes to prompt injection and model poisoning.
    • Build the Foundation: Architect and implement our threat intelligence platform (TIP), malware detonation sandboxes, and automated ingestion pipelines. 
    • Thought Leadership: Emulating the industry's best, you will serve as the external face of our research. You will author technical whitepapers, detailed blogs, and represent the organization at top-tier conferences (Black Hat, DEFCON, RSA etc.).
    • Reverse Engineering: Dissect complex malware families to extract configuration data, command-and-control (C2) protocols, and attribution artifacts.
    • Detection Engineering: Translate raw intelligence into high-fidelity protection. You will write and maintain the YARA rules that protect our customer base.
    Intelligence Fusion: Collaborate with engineering and product teams to ensure our findings are immediately weaponized into product capabilities.

Experience you'll need

    • 7–10+ years of experience in Threat Intelligence, Incident Response, or Malware Analysis, with a track record of tracking threat actor groups (e.g., Lazarus, APT28, FIN7 etc.).
    • Deep Technical Tradecraft:
      • Expertise in static and dynamic malware analysis (IDA Pro, Ghidra, x64dbg).
      • Strong proficiency in Python or Go for automating data collection, unpacking malware, and building custom analysis tools.
    • Adversary Knowledge: A comprehensive mental map of the global threat landscape, including the TTPs (Tactics, Techniques, and Procedures) mapped to the MITRE ATT&CK framework.
    • Infrastructure Analysis: Proven ability to pivot through attacker infrastructure using passive DNS, Whois, SSL certificate analysis, and netflow data.
    Communication: Exceptional writing skills. You must be able to synthesize complex technical findings into compelling narratives for both technical and executive audiences.

Preferred Qualifications:

  • Published Researcher: A portfolio of public-facing research (blogs, whitepapers) that has influenced the security community.
  • Adversarial AI & ML Security: Practical understanding of the intersection between AI and cybersecurity, including experience with LLM red-teaming, detecting AI-generated attacks, or analyzing how actors leverage generative AI for offensive operations.
  • Intelligence Architecture: Experience setting up MISP, OpenCTI, or commercial TIPs from scratch.

Cryptanalysis: Understanding of cryptographic primitives used by ransomware and C2 protocols.

Industry certifications such as GCTI, GCFA, or OSCP are a bonus.

To know more about Zero Labs - https://zerolabs.rubrik.com/

Join Us in Securing the World's Data

Rubrik (RBRK), the Security and AI Operations Company, leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing, monitoring, and recovering data, identities, and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions, enforcing real-time guardrails, fine-tuning for accuracy and undoing agentic mistakes. 

Linkedin | X (formerly Twitter) | InstagramRubrik.com

Inclusion @ Rubrik

At Rubrik, we are dedicated to fostering a culture where people from all backgrounds are valued, feel they belong, and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the world’s data.

Our goal is to hire and promote the best talent, regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.

Our inclusion strategy focuses on three core areas of our business and culture:

  • Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.

  • Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging, can thrive, and do their best work. Your contributions help us innovate and break boundaries.

  • Our Communities: We are dedicated to expanding our engagement with the communities we operate in, creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik, contributing to safer and stronger communities.

Equal Opportunity Employer/Veterans/Disabled

Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. 

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

EEO IS THE LAW

NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS

Apply For This Job

* Required

Please view our Candidate Privacy Notice here.