As a Security Research Intern in the Autonomous Attack Disruption team, you will join the frontlines of our Defenders mission to stop attacks in near real-time. Under the mentorship of experienced researchers, you will analyze real-world attacker TTPs (Tactics, Techniques, and Procedures), reasoning over large-scale datasets to write logic that autonomously identifies and disrupts attackers before they can achieve their objectives. You will investigate nation state attacks, from triage through full investigation to identify gaps in our detection and autonomous protection, extracting relevant TTPs and identifying new techniques used by nation state.
This role requires threat research expertise, attack investigation and analysis capabilities, with specific focus on sophisticated threats. This is your chance to identify the next nation state attack, and see your research findings transformed into live defense logic that protects millions of users. For doing that - you'll use all of reach data and platforms - frontier AI tools and flows to also build methodologies and tools to improve and automate invesitigation research.
Responsibilities
Investigate real-world nation state attacks to support the development of high-fidelity protection logic across complex cross-domain kill-chains.
Apply security expertise to analyze massive telemetry sets using big-data query languages (KQL), reasoning over data to identify novel malicious patterns and engineer evidence-based detection rules.
Contribute to the implementation and coding of automated capabilities that autonomously investigate nation state threats, using AI assisted tooling and agentic flows.
Assist in the refinement of protection coverage by analyzing real-world attack telemetry to improve the accuracy and performance of existing detection logics.
Contribute to a strategic feedback loop by documenting findings from attack data analysis to improve overall protection logic and system-wide security posture.
Partner with engineering and product teams to translate research insights into production-ready code, helping to validate protection concepts and ship them at a global scale.
Requirements: Required Qualifications
Must have at least 3 additional semesters before graduation - graduation date Summer 27 or later.
Proven hands-on experience in security research, threat hunting, or detection engineering roles (e.g., from specialized military service, previous internships, or a significant portfolio of independent research/investigation).
A proven "Hunter" mindset with a track record of identifying novel malicious patterns.
Basic proficiency in Python, C# or similar languages, with a focus on writing clean, functional, and scalable code.
Basic knowledge in query languages such as KQL, SQL or similar, as well as data analysis tools such as dashboards, pandas and similar.
Preferred Qualifications
Currently pursuing a Bachelor's or Masters Degree in Statistics, Mathematics, Computer Science or related field.
Deep understanding of the modern threat landscape, including hands-on familiarity with lateral movement techniques, credential theft, or cloud-native attack vectors.
Previous experience reasoning over large-scale datasets using big-data query languages (KQL/Kusto, SQL, or similar) to identify novel malicious patterns and drive evidence-based research decisions.
This position is open to all candidates.