Back to jobs
New

Threat ATG & VMDR Expert

North America

Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7.

Armis is a privately held company headquartered in California.

About Armis

Armis is the leading unified asset visibility and cybersecurity intelligence platform — trusted by Fortune 100 enterprises and governments to protect unmanaged, IoT, OT, and IT environments.
Our AI-powered Armis Centrix™ platform delivers real-time asset intelligence to secure the unseen — enabling organizations to understand their entire attack surface and act fast against emerging threats.

The Threat ATG & VMDR Expert will play a critical role in Armis’ global security strategy — uniting threat intelligence, detection engineering, and proactive defense to protect our customers across complex, hybrid ecosystems.

Role Overview

This senior technical role blends Advanced Threat Group (ATG) intelligence with Early Warning Detection & Response (VMDR) capabilities to drive real-time visibility, rapid response, and global threat resilience for Armis customers.
You will design, build, and operationalize detection and response workflows that turn intelligence into action — helping customers anticipate, detect, and neutralize sophisticated adversary behaviors.



Key Responsibilities

  • Lead the Threat ATG and VMDR function— integrating threat intelligence, behavioral analytics, and customer telemetry into coordinated response operations. Along with Advocating and demonstrating the Armis ASQ approach to threat management
    Research, analyze, and attribute threat actor activity, tactics, and campaigns into usable and relevant content to Armis’ customer base.
  • Develop custom detection logic, playbooks, and hunt queries for Centrix 

 

  • Fuse threat intelligence (IOCs, TTPs, MITRE ATT&CK) with vulnerability, detection, and exposure data to create actionable detection strategies.

  • Automate threat detection and response pipelines using Python, PowerShell, or REST APIs.

  • Drive incident triage, containment, and response coordination for customer environments, in collaboration with regional CS and Security Engineering teams.

  • Maintain a continuous feedback loop between Threat Intel, EWDR, and Product Engineering to improve detection coverage and response accuracy.

  • Publish weekly threat summaries, dashboards , post-incident analyses and other consumable content for Centrix Customers tailored to customer environments.

  • Support red/blue-team and purple-team exercises, validating threat coverage and refining response readiness.

  • Serve as a regional subject-matter expert for emerging attack vectors targeting IoT, OT, and cloud-native environments.

Required Qualifications

  • 7 + years of experience in Threat Intelligence, Detection Engineering, or Incident Response.

  • Deep understanding of Armis and ASQ. MITRE ATT&CK, TIBER, Diamond Model, and adversary emulation frameworks.

  • Hands-on experience with SIEM/SOAR tools such as Splunk ES, Sentinel, Chronicle, Cortex XSOAR, or QRadar.

  • Proven ability to correlate threat, vulnerability, and asset data for contextual risk prioritization.

  • Proficiency in scripting/automation (Python, PowerShell, Bash, REST APIs).

  • Strong knowledge of cloud & container threat detection (AWS GuardDuty, Azure Defender, GCP Security Command Center, Kubernetes audit logging).

  • Experience performing or supporting incident response, malware analysis, and threat hunting.

  • Excellent communication and presentation skills, especially in customer-facing security contexts.

Preferred Experience

  • Prior experience in SaaS or cybersecurity product organizations delivering managed detection or threat intel services.

  • Familiarity with Armis Centrix™ or other asset-intelligence / exposure-management platforms.

  • Certifications: GCTI, GCFA, GREM, GCIA, CISSP, CISM, or OSCP.

  • Experience creating threat models and detection coverage matrices mapped to MITRE ATT&CK.

Knowledge of AI/ML-driven threat correlation and automation frameworks

Salary range guidance for this position is: $157,000 - $200,000

The salary range listed does not include other forms of compensation or benefits (e.g. i.e. bonuses, commissions, stocks, health insurance benefits, etc.) offered to candidates. Visit our careers site for more information on benefits at Armis

The choices you make in your career journey matter. You want to do interesting work in an important field while also having time to live your life, which is why we place so much value in your life-work balance. Armis sets you up for success with comprehensive health benefits, discretionary time off, paid holidays including monthly me days, and a highly inclusive and diverse workplace. Put your unique experiences and perspective to work in an environment where they will enable you to thrive, grow, and live your life with integrity.

Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.

Please click here to review our privacy practices.

Create a Job Alert

Interested in building your career at Armis Security? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Armis Security’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.