Job Description

IRONSCALES is redefining email security with an AI-powered platform built to stop phishing and advanced email threats at scale. Our cloud-native solution detects, analyzes, and remediates attacks in real time, helping organizations stay ahead of constantly evolving cyber threats without slowing down their teams. We're a fast-growing cybersecurity company driven by innovation, ownership, and a passion for solving hard problems. Our team builds cutting-edge technology used by organizations around the world to protect what matters most.

If you love building impactful products, solving complex challenges, and working with smart, driven people in a fast-paced startup environment- IRONSCALES is the place for you. Join us and help shape the future of email security 🚀

We're looking for a Senior Detection Researcher to drive the research that stops the next generation of email attacks before they reach the inbox. This is a research role with a strong detection focus and a strong AI orientation. You will investigate how advanced attacks work and evade, define the detection logic and signals that catch them, and use AI and agentic tooling to scale your research. The threat landscape has moved into Phishing 3.0: AI-generated lures, multi-channel campaigns, and attacks engineered specifically to slip past Microsoft 365, Google Workspace, and legacy gateways. We need someone whose research anticipates where attacks are going. Deep email knowledge is a tool you bring to the problem. The job itself is detection research: investigating attacks, defining the detection that catches them, and proving it works at scale. Your work feeds directly into Adaptive AI and Themis, the agentic systems at the core of the IRONSCALES platform.

Responsibilities:

• Research and define the detection logic, heuristics, and signals that stop advanced email attacks at scale
• Reverse-engineer how attacks bypass detection and define the evasion-resistant detection that closes the gap
• Build agentic and LLM-powered tooling that scales your detection research and automates investigation
• Get ahead of the AI-enabled threat surface (GenAI-crafted lures, prompt injection, deepfake-adjacent social engineering) and define detection for it before it lands
• Own the false-negative and false-positive tradeoff: measure and prove detection impact against production-scale data
• Prioritize by impact: a technique that evades at scale outranks a single odd sample

Requirements

• 5+ years of detection-focused security research (threat detection research, detection engineering, or similar), with email threats as a core domain. Your work is the research that detection is built on
• Proven ability to research and define detection logic and heuristics that generalize across campaigns and resist evasion, from investigation through validation
• Strong AI orientation: fluent using LLMs and agentic tooling as a force multiplier for detection research, with sound judgment about where AI helps and where it misleads
• Adversarial mindset. You think like an attacker who has read the detection logic and wants to break it
• Verification discipline: with AI now drafting queries and summarizing evidence, you reliably catch output that is plausible and wrong
• Strong command of how email attacks work and evade (SPF, DKIM, and DMARC abuse, payload and URL obfuscation), used to drive detection research
• Data fluency. Comfortable validating detection hypotheses against large datasets; SQL and warehouse-scale querying are everyday tools
• Clear written communication for technical and executive audiences