Full-Time

Staff Threat Research Engineer

Sumo Logic

501-1,000 employees

Cloud-based data analytics and security platform

Compensation Overview

$162k - $190k/yr

+ Bonus + Commission

No H1B Sponsorship

Remote in USA

Category
IT & Security
Required Skills
Malware Analysis
Microsoft Azure
AWS
Google Cloud Platform
Requirements
  • 12+ years of cybersecurity experience across a mix of roles: senior or principal SOC analyst, threat hunter, purple team practitioner, incident responder, or detection engineer.
  • Demonstrated ability to progress threat research into actionable detections and incident response outcomes.
  • Experience conducting original or self-directed threat research that resulted in novel findings — for example, malware or infrastructure analysis, honeypot operations, or similar investigative work leading to actionable insights.
  • Broad knowledge of multiple technology stacks and a strong curiosity to learn new platforms.
  • Deep experience with multiple major public clouds (AWS, Azure, or GCP), and familiarity with analyzing cloud-native logs and telemetry.
  • Understanding of emerging attack techniques targeting AI infrastructure and machine learning pipelines (e.g., data poisoning, model theft, or prompt injection), and familiarity with frameworks such as MITRE ATLAS.
  • Proven history of thought leadership through blogs, LinkedIn articles, or conference presentations.
  • Background in the cybersecurity vendor space, with experience providing expert feedback to product and engineering teams.
Responsibilities
  • Research, develop, and test threat detection logic in a lab environment, validating against real-world attacker behaviors and ensuring technical alignment with Sumo Logic SIEM capabilities.
  • Conduct original threat research, such as analyzing malware, tracking infrastructure, or experimenting with honeypots, and translate findings into detection opportunities.
  • Investigate industry and adversary trends to identify emerging detection opportunities.
  • Collaborate with product management and fellow Threat Labs engineers to scope and prioritize detection campaigns.
  • Maintain and expand Threat Labs’ research lab infrastructure.
  • Provide practitioner feedback to engineering and product management to inform feature design and roadmap decisions.
  • Contribute to the security community through blogs, conference talks, open source projects, and public research contributions.
Desired Qualifications
  • Prior experience in customer-facing technical roles (consulting, remote support, or advisory).
  • Hands-on familiarity with offensive security tools (Atomic Red Team, Sliver, Cobalt Strike, etc.).
  • Scripting or automation capability (Python, PowerShell, etc.).
  • Experience with Security Orchestration, Automation, and Response (SOAR) technology.
  • Recognized presence or active participation in the security community (e.g., X/Twitter, conferences, open source).
  • Experience applying AI or machine learning techniques to improve operational efficiency and automation across the detection rule development lifecycle — from research and validation to deployment and tuning.

Sumo Logic provides a cloud-based data analytics and security platform for enterprises, helping collect, analyze, visualize, and secure large data volumes from multiple sources to improve decision-making and operations. The product works as a subscription service over the internet: data is ingested, processed, and analyzed, with results shown in dashboards, and it includes security analytics to detect threats and respond, accessible without on-premises software. It differentiates itself by combining cloud-first analytics with security analytics in a single platform designed for medium-to-large enterprises, offering end-to-end visibility and real-time insights across various industries. The goal is to help enterprises run operations more efficiently and securely by turning raw data into actionable insights through a scalable cloud platform.

Company Size

501-1,000

Company Stage

IPO

Headquarters

Redwood City, California

Founded

2010

Simplify's Take

What believers are saying

  • Enterprise demand for AI SOC automation supports preview-to-GA conversion.
  • Cloud data platforms need centralized audit visibility as AI usage expands.
  • Natural-language query and knowledge agents reduce analyst friction and training time.

What critics are saying

  • Crowded AI security markets compress differentiation against Datadog, Splunk, Microsoft, and CrowdStrike.
  • Preview-stage SOC Analyst Agent and MCP Server can delay enterprise revenue conversion.
  • Partner integrations create dependence on vendor APIs, telemetry access, and bundling decisions.

What makes Sumo Logic unique

  • AI-powered cloud-native log analytics unifies Dev, Sec, and Ops workflows.
  • Dojo AI agents recommend remediation actions, not just surface alerts.
  • Native integrations cover Claude, Snowflake, and Databricks security telemetry.

Benefits

Competitive base salary + bonus + RSUs

Unlimited PTO + 12 company holidays + 4 quarterly wellness days

100% remote or in office

Employee stock purchase plan (ESPP)

Medical, Dental, Vision

Paid Parental leave

Growth & Insights and Company News

Headcount

6 month growth

-3%

1 year growth

-2%

2 year growth

-1%
Enterprise Times
Mar 25th, 2026
Sumo Logic turns SOC analysts into decision makers.

Sumo Logic is showing what it can do with Dojo AI agents at RSA 2026. The company announced expanded capabilities for its Dojo AI agents, which will deliver active remediation actions to close the threat detection, investigation and remediation (TDIR) loop.

The challenge for security teams is the number of point tools in their stacks. Cloud adoption, identity sprawl, and distributed architectures have created a surge in data. While traditional SIEM platforms flag suspicious behaviour, they don't tell analysts what to do next. That gap forces manual response planning under pressure, stretching mean time to remediation (MTTR) and increasing risk.

Chas Clawson, VP of Security Strategy at Sumo Logic, said, "The industry is redefining what a SOC does. It's no longer enough to surface context and say, 'here's a suspicious login, go figure it out.' Our Dojo AI SOC Analyst Agent can now recommend, for example, 'This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.' We're closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions."

How is Sumo Logic addressing this with Dojo AI?

Sumo Logic is consolidating the data and the decision layers into a single platform. Logs serve as the system of record. Those are enriched in the Cloud SIEM and then passed to Dojo AI, which delivers contextual recommendations to the SOC analyst. What the analyst gets is more than a set of actions: Dojo AI adds the reasoning for each step along with the action. The analyst can then judge whether that reasoning makes sense and either act or ask for a more detailed analysis. This is a critical process. Analysts learn from what they do and from how the answer is arrived at; by exposing the reasoning, the platform lets the analyst understand why an action is recommended. It creates a continuous learning loop for the analyst, which improves their skills and understanding of threats.

Four agents, one platform

Sumo Logic is not shipping a single AI feature. It is building an agent ecosystem. Four agents now operate within the platform:
  • SOC Analyst Agent (Preview): handles automated to human-led investigations and delivers context-aware response recommendations.
  • Query Agent (GA): converts natural language intent into precise log searches, removing the need for complex query writing.
  • Knowledge Agent (GA): answers product questions using official documentation without forcing analysts out of their workflow.
  • Sumo Logic MCP Server (Preview): extends AI assistance across tools, preventing product boundaries from becoming process boundaries.

The MCP Server deserves particular attention. Security stacks are fragmented by design. Different tools handle endpoint, identity, cloud, and network telemetry. An AI layer that cannot cross those boundaries has limited value. The MCP Server addresses that directly.

All four agents operate on Sumo Logic's Logs for Security and Cloud SIEM foundation. That grounding matters for trust. AI recommendations are only as reliable as the data beneath them. High-fidelity data and explainable logic are not optional extras; they are prerequisites for analyst adoption.

The SOC Analyst Agent remains in preview, as does the MCP Server. Both represent significant capability additions when they reach general availability. Organisations evaluating Sumo Logic now should factor preview timelines into procurement decisions.

The AI SOC tools market is getting crowded

The AI SOC tools market is incredibly crowded. In the last week, Datadog launched its AI SOC analyst, and Dropzone AI launched its autonomous threat hunter. Splunk, Microsoft Sentinel, and CrowdStrike Falcon all offer AI-assisted detection and response capabilities.

The distinction Sumo Logic draws is the integration of the data layer and decision layer within a single platform. Many competitors bolt AI onto existing architectures. Sumo Logic argues its approach grounds recommendations in higher-fidelity data from the start. The agentic workflow model also separates Sumo Logic from traditional SOAR platforms. SOAR automates predefined playbooks; Dojo AI agents reason across context and recommend actions. The difference is flexibility. Playbooks break when environments change. Contextual reasoning adapts.

For security leaders evaluating platforms, the questions to ask are practical. Does the AI recommendation include explainable reasoning? Can analysts override or modify recommendations easily? Does the platform maintain audit trails for compliance purposes? Sumo Logic's emphasis on explainable logic suggests it understands these requirements.

Enterprise Times: what does this mean?

Sumo Logic's direction is clear. The company is building toward a fully integrated TDIR platform where AI handles investigation friction and analysts handle decisions. Whether that vision delivers at scale depends on data quality, integration breadth, and analyst trust. The foundations look credible. The proof will come in production deployments. The company also needs to make sure that it stays ahead of the rest of the field; if it doesn't, it will start to lose ground to those around it.
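Stripped of the agent, the recommendation Clawson describes above ("suspicious logins to three apps from these two locations") is a detection rule over login telemetry, the kind of logic the posting asks this role to build and test against cloud-native logs. The Python below is an added example, not Sumo Logic's code or any Dojo AI logic: it runs a per-user sliding window over constructed JSON-lines login events in an assumed normalised schema (time, user, app, location), flags a user whose window holds at least three distinct apps from at least two distinct locations, and shows how the window length changes what fires. Thresholds, the one-hour window, and all sample records are illustrative.

```python
"""Detection rule: one identity signing in to several distinct applications
from several distinct locations inside a short window.

Added example (not Sumo Logic code). The event schema below is an assumed
normalised login record; the thresholds and window are illustrative.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"time": "2026-03-24T09:00:00+00:00", "user": "alice", "app": "Okta", "location": "US-CA"}
{"time": "2026-03-24T09:05:00+00:00", "user": "alice", "app": "Salesforce", "location": "US-CA"}
{"time": "2026-03-24T09:10:00+00:00", "user": "alice", "app": "GitHub", "location": "DE-BE"}
{"time": "2026-03-24T09:00:00+00:00", "user": "bob", "app": "Okta", "location": "US-CA"}
{"time": "2026-03-24T10:00:00+00:00", "user": "bob", "app": "Okta", "location": "US-CA"}
{"time": "2026-03-24T10:30:00+00:00", "user": "bob", "app": "Salesforce", "location": "US-CA"}
{"time": "2026-03-24T08:00:00+00:00", "user": "carol", "app": "Okta", "location": "US-NY"}
{"time": "2026-03-24T08:30:00+00:00", "user": "carol", "app": "Slack", "location": "FR-PA"}
{"time": "2026-03-24T14:00:00+00:00", "user": "carol", "app": "GitHub", "location": "US-NY"}
{"time": "2026-03-24T13:00:00+00:00", "user": "dave", "app": "Okta", "location": "US-TX"}
{"time": "2026-03-24T14:30:00+00:00", "user": "dave", "app": "Zoom", "location": "US-TX"}
{"time": "2026-03-24T15:45:00+00:00", "user": "dave", "app": "GitHub", "location": "BR-SP"}
"""


def parse_events(log_text):
    """Parse JSON-lines login records into (timestamp, user, app, location)
    tuples. Blank or malformed lines are skipped so one bad record cannot
    abort the whole batch."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            events.append((datetime.fromisoformat(rec["time"]),
                           rec["user"], rec["app"], rec["location"]))
        except (ValueError, KeyError):
            continue  # malformed record: drop it rather than poison the window
    return events


def detect_multi_app_multi_location(events, window=timedelta(hours=1),
                                    min_apps=3, min_locations=2):
    """Per-user sliding window. Flags the first window (ending at some event)
    in which the user touched at least `min_apps` distinct apps from at least
    `min_locations` distinct locations. Returns
    {user: {"apps": [...], "locations": [...], "window_end": iso_timestamp}}."""
    by_user = defaultdict(list)
    for ts, user, app, loc in events:
        by_user[user].append((ts, app, loc))

    findings = {}
    for user, evs in by_user.items():
        evs.sort()  # chronological; tuples sort by timestamp first
        start = 0
        for end, (t_end, _, _) in enumerate(evs):
            # advance the window start so only events within `window` of t_end remain
            while evs[start][0] < t_end - window:
                start += 1
            win = evs[start:end + 1]
            apps = {a for _, a, _ in win}
            locs = {l for _, _, l in win}
            if len(apps) >= min_apps and len(locs) >= min_locations:
                findings[user] = {"apps": sorted(apps), "locations": sorted(locs),
                                  "window_end": t_end.isoformat()}
                break  # one finding per user is enough for triage
    return findings


if __name__ == "__main__":
    for user, f in detect_multi_app_multi_location(parse_events(SAMPLE_LOG)).items():
        print(f"{user}: {len(f['apps'])} apps from {f['locations']} by {f['window_end']}")
```

With the one-hour window only alice fires; dave touches three apps from two locations but spread over nearly three hours, so he fires only when the window is widened to four hours, and carol never does because her third app arrives long after the first two. That sensitivity to the window is exactly what lab validation against recorded attacker behaviour has to settle before a rule ships. Two caveats a practitioner would add: location is normally derived from IP geolocation, so VPN and mobile users will inflate the location count, and a real rule should key on a normalised identity (not a raw username) so the same person across IdP and application logs is counted once.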

IT Security News
Mar 24th, 2026
Sumo Logic expands Dojo AI with SOC Analyst Agent that recommends actions, not just alerts.

Sumo Logic is pushing its Dojo AI platform further into decision territory at RSAC 2026, announcing expanded AI agent capabilities that go beyond surfacing context to actually recommending what analysts should do next. The company's new SOC Analyst Agent, now in preview, addresses a gap that has frustrated security teams for years: traditional SIEMs are... (2026-03-24 23:03)

Hacking & Cracking: For a security analyst, the day begins and ends in the Sumo Logic Cloud SIEM. It's the central hub for unifying security and observability data, designed to turn a firehose of enterprise-wide events into clear, actionable Insights. But the platform's AI-driven analytics are only as good as the data they... (July 31, 2025; September 22, 2025)

Antivirus & Malware: Security firm Sumo Logic disclosed a security breach after discovering that its AWS account was compromised last week. Sumo Logic is a cybersecurity company that specializes in cloud-based log management and analytics. The... (November 9, 2023)

PR Newswire
Mar 23rd, 2026
Sumo Logic's AI agent recommends remediation actions to accelerate threat response

Sumo Logic has expanded its Dojo AI platform with a SOC Analyst Agent that recommends specific remediation actions, moving beyond basic threat detection to guide security teams through investigation and response. The preview feature aims to reduce mean time to remediation by actively suggesting next-best actions with explainable reasoning. The company demonstrated the enhanced capabilities at RSA Conference 2026, alongside its Query Agent, Knowledge Agent and MCP Server. The platform combines log analytics with Cloud SIEM correlation to move security operations from reactive detection toward proactive decision-making. Sumo Logic received two Global Infosec Awards from Cyber Defense Magazine, for Next Gen SIEM and Pioneering AI SOC. The company's platform addresses challenges faced by security teams managing multiple tools and overwhelming data volumes.

PR Newswire
Jan 21st, 2026
Sumo Logic launches Snowflake and Databricks apps for enhanced cloud security analytics

Sumo Logic has launched new integrations for Snowflake and Databricks, providing enhanced visibility across cloud data platforms. The Snowflake Logs App and Databricks Audit App offer real-time monitoring of user activity, configuration changes and security threats. The Snowflake Logs App enables customers to analyse login activity, optimise data pipelines and centralise log data for faster troubleshooting. The Databricks Audit App delivers visibility into user behaviour, detects unauthorised access attempts and accelerates incident investigations across multiple workspaces. "Databricks and Snowflake are core to so many of our customers' overall corporate data strategies, especially with the increase in AI usage," said Keith Kuchler, Chief Product and Technology Officer at Sumo Logic. Both applications are now available through Sumo Logic's App Catalog.

Digital IT News
Jan 21st, 2026
Sumo Logic Data Pipeline Integrations with Snowflake and Databricks

Sumo Logic introduced its new Snowflake Logs App and Databricks Audit App, giving customers stronger visibility into their data pipelines, more reliable security analytics, and faster troubleshooting across two leading cloud data platforms. With data volumes and associated vulnerabilities rapidly growing, security, operations, and data teams require unified, real-time insight into user activity, configuration changes, performance issues, and potential threats across their data pipelines and environments. These new apps expand Sumo Logic's coverage for Databricks and Snowflake to help teams detect anomalies, investigate incidents, and monitor and optimize operations.

"Databricks and Snowflake are core to so many of our customers' overall corporate data strategies, especially with the increase in AI usage," said Keith Kuchler, Chief Product and Technology Officer, Sumo Logic. "These applications give customers unified, real-time visibility across their data warehouse platforms so that they can focus on proactive detection engineering, performance optimization, and faster incident resolution."

Snowflake Logs App

Snowflake provides a single, fully managed data platform, but its customers often lack visibility into performance, login activity, and operational health. The Sumo Logic Snowflake Logs App enables customers to:
  • Analyze login and access activity to identify anomalies or potentially suspicious behavior
  • Optimize data pipelines and workloads with insights into long-running or failing queries
  • Centralize log data for easier correlation across applications, cloud services, and data platforms

With real-time dashboards and alerting, teams can troubleshoot faster, improve reliability, and maximize the value of their Snowflake investment.

Databricks Audit App

Databricks offers a unified platform for data, analytics and AI. For its customers using the platform for highly sensitive workloads, visibility into user behavior and configuration changes is critical. The Sumo Logic Databricks Audit App provides:
  • Centralized visibility into user activity, job execution, access patterns, and administrative operations
  • Real-time detection of unauthorized access attempts, privilege escalations, and anomalous behavior
  • Faster incident investigations with visualizations that contextualize activity across multiple workspaces

With unified insights across Databricks audit logs, security and compliance teams can more effectively identify emerging critical threats, reduce detection time, and maintain a strong security posture. Both the Databricks Audit App and Snowflake Logs App are now available in the Sumo Logic App Catalog.