Go Enterprise, contact us anytime: email, phone, or chat


Have you spent time hunting threats inside and outside networks? Developed and tracked activity groups? Want to use those skills to hunt those who threaten civilization? Want to catch and expose threats targeting power plants, water, manufacturing systems, and other industrial control systems? Dragos threat intelligence works to discover these threats, develop innovative analytics for detection, support investigations and incident response, and provide customers with world-class situational awareness. Unlike many other teams with a broader mission, we focus solely on operational threats to industrial control networks; this gives our analysts the time and space necessary to do world-class research and intelligence on the most advanced and significant threats in the world. Most analysts as they progress in their career are required to increase their scope thereby losing many critical skills – this is an opportunity for experienced analysts to drop back down into a highly technical and specific area of critical importance becoming one of the few ICS threat hunters in the world. A rare opportunity for many.

At Dragos, we are not traditional intelligence analysts; we are hunters of evil which threatens the functions of civil society. We are dedicated to the idea that intelligence not properly communicated is not intelligence at all. We support our Dragos Platform through vulnerability analysis, threat intelligence, and behavioral analytics. We support Dragos Professional Services through intelligence support to incident response, assessment, and managed threat hunting.

Dragos is primarily located in Maryland and our Threat Intelligence team is mainly remote.

This is a principal or senior-level position. This is not an entry-level position for inexperienced analysts or those seeking to transition hunting. Prior hunting experience against advanced and persistent threats is a requirement.


  • 5+ years’ hunting and tracking targeted threats
  • 5+ years’ experience with network-based intrusion analysis
  • Knowledge of common malware functionality and operations and comfortable working with static and dynamic binary analysis output
  • 5+ years developing analytics to enable threat hunting and detection
  • Experience pivoting across the Diamond Model, all stages of the Kill Chain, and ATT&CK
  • Demonstrable experience producing customer-facing intelligence reports with strong writing skills
  • Experience developing indicators of compromise (IOCs) for customer-facing applications
  • 1+ year working directly with customers to collect requirements and feedback on intelligence products and services
  • Able to work well with a remote team of collaborators and deliver product on time and within quality guidelines
  • Comfortable in at least one scripting language (like Python) enabling the analyst to automate their own tasks when necessary
  • Good research and documentation skills including knowledge of major OSINT sources and their investigatory value
  • Nice to Have
  • Experience with industrial control systems and threats specific to their operational environment
  • Experience reverse engineering malware with static and/or dynamic tools and techniques
  • Experience developing YARA, snort, and/or Bro signatures
  • Experience working with an operations center and/or incident response team


  • Travel Up to 25%
  • Incentives Stock options
  • Clearance & Citizenship No requirements
  • Remote Work Full remote okay
  • Education No requirements
  • Salary Range Not provided

Join NinjaJobs!

Registered users get the benefit of full listing views, searches, posting options and more!

Company Ratings powered by

  • 4.0

    Overall Rating - Satisfied

  • Culture and Values 2.9
  • Work/Life Balance 3.5
  • Senior Management 3.4
  • Comp and Benefits 4.5
  • Career Opportunities 4.0