Lead Threat Hunter (Remote)

About Us

At AppOmni, we are redefining how organizations secure their SaaS environments. As the leader in SaaS Security, we help enterprises protect their most critical data and applications by detecting and responding to threats across platforms such as Salesforce, ServiceNow, Microsoft 365, and Google Workspace.

We are not only building tools, we are building the future of SaaS threat defense. Our Threat Detection service is central to that mission, combining SaaS-native telemetry, advanced detection engineering, and world-class expertise to keep our customers safe from today’s most advanced adversaries.

If you are passionate about hunting adversaries, creating tools that scale, and shaping a service from the ground up, this is your opportunity to make a significant impact.

What We’re Looking For

We are hiring our first dedicated Threat Hunter, a hands-on expert who thrives in fast-moving environments, is motivated by the challenge of uncovering threats, and is eager to build new capabilities. In this role, you will be at the forefront of proactive SaaS threat detection and response, helping our customers identify stealthy behaviors, malicious activity, and SaaS-specific attack patterns that others miss.

You will also have the opportunity to shape the foundation of a new managed hunting service. This includes developing playbooks, building tooling, and collaborating closely with research and engineering teams to establish how AppOmni delivers SaaS threat detection and response at scale. This role will be reporting directly into the R&D organization. 

What You’ll Do

• Continuously hunt across SaaS telemetry to identify emerging threats, malicious behavior, and risky activity.
• Build hypotheses-driven hunts leveraging frameworks like MITRE ATT&CK and SaaS-specific threat models.
• Develop scripts, tools, and automations to accelerate investigations and scale detection workflows.
• Engage directly with customers, providing clear incident summaries, recommended actions, and trusted guidance.
• Create and refine playbooks for alert triage, hunting, and incident response.
• Partner with Threat Research and Engineering teams to evolve detection coverage and analyst workflows.
• Deliver feedback loops from real-world investigations into product improvements and new detections.

What You Bring

• 5+ years hands-on experience in SOC, threat hunting, detection engineering, or incident response.
• Knowledge of at least one popular programming language (Python, Go, Rust, etc.) and the ability to use it for automation, tooling, or detection development.
• Deep understanding of adversary TTPs, SaaS attack surfaces, and modern threat landscapes.
• Experience creating custom detection rules, queries, or playbooks across SIEM/XDR/EDR platforms.
• Comfort engaging with customers, with the ability to translate technical findings into business-relevant risk and remediation guidance.
• Familiarity with APIs, data query languages (SQL, KQL, SPL, etc.), and large-scale log analysis.
• Startup mindset: self-directed, resourceful, and energized by building new processes.
• Background in MDR, Managed Security, or Managed Threat Hunting services with direct customer interaction.

Nice-to-Haves

• Exposure to SaaS platforms (Salesforce, ServiceNow, Google Workspace, Microsoft 365, etc.) and their security models.
• Contributions to open-source security tools, detections, or research.
• Experience with threat intelligence workflows, enrichment pipelines, or OSINT tools.
• Familiarity with cloud-native environments (AWS, GCP, Azure) and containers (Docker, Kubernetes).
• Experience helping build or scale MDR or managed hunting services, including defining playbooks, escalation paths, or customer engagement models.