ThreatConnect
Data Science Lead
ThreatConnect enables threat intelligence, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to contextualize an evolving threat landscape, prioritize the most significant risks to their business, and operationalize defenses. More than 250 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

We are expanding our Data Science leadership to accelerate innovation across risk modeling, explainable AI, and threat-to-risk analytics and are looking for a mission-driven Lead Data Scientist with hands-on modeling expertise and a strong background in cybersecurity.

ThreatConnect is seeking a Data Science Lead to drive the next generation of loss and attack models that power our Risk Quantifier (RQ) platform. This is a player-coach role, combining hands-on modeling with leadership of a small but growing team of data scientists. The ideal candidate will have strong statistical modeling skills, experience working with cyber or risk data, and the ability to translate complex datasets into actionable, production-grade models that enable financial risk quantification at scale. The ideal candidate should also have a working knowledge of modern cybersecurity practices and adversary behavior (e.g., MITRE ATT&CK), and a passion for turning complex data into actionable insights.

In This Role, You'll Get To...

Model Development: Lead design and implementation of probabilistic and statistical models for loss magnitude, frequency, and attack path likelihood
Data Leadership: Expand and curate ThreatConnect's risk data sets, including loss event data, CVE data (KEV, EPSS), MITRE ATT&CK coverage, control posture data, and third-party risk data
Player-Coach: Mentor a team of data scientists while remaining hands-on with modeling, code reviews, and experimentation
Cross-Functional Collaboration: Partner with Product, Engineering, and Threat Intelligence teams to operationalize models in RQ
Innovation: Research and apply advanced methods (Bayesian modeling, ML techniques) to continuously improve prediction accuracy and coverage
Quality & Governance: Ensure model transparency, explainability, and defensibility for customer and regulatory review. Lead the development of algorithmic models for CRQ, including threat likelihood, loss magnitude, control efficacy, and scenario simulation
AI: Guide the implementation of AI-enhanced modeling (e.g., LLMs, pattern mining) to support automation of risk scenario development and decision support

In The First Month, We'll Expect You To...

Get up to speed on RQ's current modeling architecture and data sets
Meet with Product teams to understand roadmap priorities and customer needs
Review and document the current loss and attack model coverage and gaps

At 3 Months We'll Expect You To...

Deliver a prioritized roadmap for model improvements and new datasets to onboard
Stand up team operating rhythm (standups, backlog grooming, code review practices)
Deliver quick wins: Improved loss data normalization, updated attack-path models for top ATT&CK techniques

At 6 Months We'll Expect You To...

Release at least one new or improved model into production (e.g., ransomware loss distribution, control effectiveness model)
Onboard additional data sources (loss event feeds, industry benchmarks, third-party telemetry)
Document model assumptions and publish an internal "Model Handbook" for transparency

At 12 Months We'll Expect You To...

Establish repeatable pipelines for model training, validation, and deployment
Expand team capabilities (hire additional data scientists or analysts as needed)
Deliver measurable improvements to RQ outputs (accuracy, coverage, speed)
Present results to leadership, highlighting the ROI of improved models and datasets

Required Qualifications

7+ years of experience in applied data science, quantitative modeling, or algorithm development
Strong understanding of cybersecurity principles, threat actor behavior, or risk frameworks (e.g., NIST CSF, MITRE ATT&CK, FAIR)
Proven ability to build and deploy risk or predictive models in enterprise environments
Proficiency in Python and familiarity with modeling libraries (e.g., NumPy, PyMC3, scikit-learn)
Experience with Git, Jira, and modern ML ops pipelines
Strong communication and storytelling skills for technical and non-technical audiences

Desired Qualifications

Experience building CRQ models in alignment with FAIR or related frameworks
Familiarity with simulating attack paths, graph-based reasoning, or control validation
PhD or advanced degree in data science, computer science, engineering, or related field
Experience with integrating models into SaaS platforms or cloud-native environments
Background in red/blue teaming, SOC data, or adversary emulation is a plus