Threat ATG & VMDR Expert
Listed on 2026-02-16
IT/Tech
Cybersecurity, Security Manager
Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society safe and secure 24/7.
Armis is a privately held company headquartered in California.
About Armis
Armis is the leading unified asset visibility and cybersecurity intelligence platform — trusted by Fortune 100 enterprises and governments to protect unmanaged, IoT, OT, and IT environments.
Our AI-powered Armis Centrix™ platform delivers real-time asset intelligence to secure the unseen — enabling organizations to understand their entire attack surface and act fast against emerging threats.
Role Overview
This senior technical role blends Advanced Threat Group (ATG) intelligence with Early Warning Detection & Response (VMDR) capabilities to drive real-time visibility, rapid response, and global threat resilience for Armis customers.
You will design, build, and operationalize detection and response workflows that turn intelligence into action — helping customers anticipate, detect, and neutralize sophisticated adversary behaviors.
Key Responsibilities
- Lead the Threat ATG and VMDR function, integrating threat intelligence, behavioral analytics, and customer telemetry into coordinated response operations, along with advocating and demonstrating the Armis ASQ approach to threat management.
- Research, analyze, and attribute threat actor activity, tactics, and campaigns into usable and relevant content for Armis’ customer base.
- Develop custom detection logic, playbooks, and hunt queries for Centrix.
- Fuse threat intelligence (IOCs, TTPs, MITRE ATT&CK) with vulnerability, detection, and exposure data to create actionable detection strategies.
- Automate threat detection and response pipelines using Python, PowerShell, or REST APIs.
- Drive incident triage, containment, and response coordination for customer environments, in collaboration with regional CS and Security Engineering teams.
- Maintain a continuous feedback loop between Threat Intel, EWDR, and Product Engineering to improve detection coverage and response accuracy.
- Publish weekly threat summaries, dashboards, post-incident analyses and other consumable content for Centrix customers, tailored to customer environments.
- Support red/blue-team and purple-team exercises, validating threat coverage and refining response readiness.
- Serve as a regional subject-matter expert for emerging attack vectors targeting IoT, OT, and cloud-native environments.
- 7+ years of experience in Threat Intelligence, Detection Engineering, or Incident Response.
- Deep understanding of Armis and ASQ, MITRE ATT&CK, TIBER, Diamond Model, and adversary emulation frameworks.
- Hands‑on experience with SIEM/SOAR tools such as Splunk ES, Sentinel, Chronicle, Cortex XSOAR, or QRadar.
- Proven ability to correlate threat, vulnerability, and asset data for contextual risk prioritization.
- Proficiency in scripting/automation (Python, PowerShell, Bash, REST APIs).
- Strong knowledge of cloud & container threat detection (AWS GuardDuty, Azure Defender, GCP Security Command Center, Kubernetes audit logging).
- Experience performing or supporting incident response, malware analysis, and threat hunting.
- Excellent communication and presentation skills, especially in customer‑facing security contexts.
- Prior experience in SaaS or cybersecurity product organizations delivering managed detection or threat intel services.
- Familiarity with Armis Centrix™ or other asset‑intelligence / exposure‑management platforms.
- Certifications: GCTI, GCFA, GREM, GCIA, CISSP, CISM, or OSCP.
- Experience creating threat models and detection coverage matrices mapped to MITRE ATT&CK.
Salary range guidance for this position is: $157,000 - $200,000. The…