RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

We are looking for a Senior Solutions Architect, i3 Manager to join our team.

The Role

The Incident Investigations and Intelligence (i3) Program within RiskIQ oversees managed intelligence services of the External Threats Product workspaces as well as the Executive Guardian product workspaces for clients. Executive Guardian is designed to protect C-Suite and high-net-worth individuals from physical threats, exposures of Personally Identifiable Information (PII), and instances of social media account impersonation thereby safeguarding the individual, their reputation, family, and by extension, the company. External Threats protects clients from phishing attacks, domain infringement, mobile app fraud, social and brand impersonation, and data leakage. The i3 Team also delivers RiskIQ professional services – typically bundled with ET or EG workspaces – to create a holistic threat monitoring, identification, and mitigation capability known as the Threat Desk.

The Senior Solution Architect, i3 Manager (SSA) will report to RiskIQ’s Worldwide Solution Architect leader and is responsible for overseeing and managing i3 client relationships to ensure seamless delivery of intelligence analysis around the Threat Desk offering, as well as professional services to i3 clients who subscribe to Advanced Investigations or Analyst-on-Demand services. The (SSA) collaborates on a daily basis with i3 analytic professionals tasked with building and maintaining complex technical logic to identify leaked personal information, digital and kinetic threats, and social media impersonations for high-net-worth individuals. Additionally, the i3 team analyzes instances of phishing and impersonation of domain, social media and brand as well as data leaks. The i3 SSA acts as the interface between RiskIQ strategic clients and the i3 Team to manage i3’s response to client workspace threat events and leads investigations, with the end result the delivery of finished intelligence to the client, along with mitigative steps to protect the client’s brand, intellectual property, or sensitive data. The SSA also oversees and participates in the production and dissemination of time-sensitive threat analysis relevant to the safety and security of clients, their assets and operations. The SSA is analytically proficient and is able to lead investigations, yet also work with the team as a strong individual contributor when needed. The SSA must be proactive, consultative, and business-minded, using both available open source and proprietary data sets to develop analytic and innovative solutions in response to client needs and to attribute virtual threat actors to their actions as threats arise. This role is highly client facing yet offers the opportunity to tap into i3’s sizable analytic team for support, with an opportunity for growth within RiskIQ. 


Represent RiskIQ into our Strategic Account Clients (post-sales) who subscribe to i3 products and services for Executive Guardian and Managed Intelligence Services as well as Advanced Investigations, Analyst-on-Demand, and Tailored Intelligence

  • Project Manage the relationship between the client and the i3 Threat Desk resources, ensuring that Requests for Information (RFIs) are handled in accordance with SLAs and in line with i3 standards for excellence
  • Lead i3 Investigations which stem from client RFIs on events including data breaches, threat attribution, InfoSec incident response and loss of intellectual property/insider threat, and escalated suppression of leaked PII and/or impersonations of social media accounts for covered individuals
  • Review client workspaces and appropriately escalate detections based on the urgency of the discovered threat
  • Assist in the production of threat analysis for dissemination to consumers on the safety and security of clients, assets and operations, including impact assessment​ ​and mitigation recommendations
  • Include solution-oriented recommendations in all analyses, as appropriate
  • Identify opportunities to predict and prevent future security issues and/or incidents
  • Collaborate with client security teams to constantly improve analytic standards, workflows, and success metrics and develop/improve analytic products as appropriate
  • Collaborate with RiskIQ Legal and Engineering teams to ensure appropriate mitigation of identified risks within the platform
  • Lead, participate in, or support i3 Intelligence and Investigation activities as needs arise
  • Maintain on-call posture to support client needs in response to platform threat detection
  • Regularly visit and communicate with clients, collect intelligence requirements, develop collection plans and track metrics around deliverables
  • Partner with RiskIQ Solutions Architects and Sales Team to deliver quarterly business reviews


  • Bachelor's degree required; Master’s desirable
  • Minimum of 7+ years’ experience running counterintelligence investigations, HUMINT intelligence collection operations in the US Intelligence Community, corporate threat attribution investigations and/or incident response; Field Tradecraft Certification (FTC) as a Core Collector highly desirable
  • Experience working directly with intelligence analysts and targeters; direct management and coordination of intelligence resources highly preferred
  • Technical proficiency with open source research tools and techniques
  • Strong written and oral communication skills
  • Experience initiating and conducting complex investigative analysis, and communicating findings to consumers
  • Background in cyberthreat analysis required; background in counterterrorism, counterproliferation or counter-narcotic analysis preferred
  • Strong interpersonal skills
  • Ability to interpret raw intelligence and brief findings to customers
  • Proven ability to transfer raw intelligence into a finished product using all-source intelligence and threat mitigation techniques centered around industry best practices
  • Ability to work independently and also as part of a team
  • Approximately 10-30% global travel may be required
  • English Language fluency required; additional languages highly desirable
  • Ability to obtain a US Security Clearance – TS compartmented or higher

Why work at RiskIQ?

  • Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ’s ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams around the world. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
  • We’re a company on the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2018, including a 362.5 percent increase in net new product sales due to the steady adoption of attack surface management across the world. We also experienced a 365 percent increase in registration for RiskIQ community, our freemium entry-level product, showing the increasing role of security outside the firewall to the growth of businesses.
  • Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced with a track record in technology and cybersecurity.
  • Unbounded opportunity - We’re growing! At RiskIQ, you’ll be provided with as much responsibility as you can handle—new career development opportunities constantly arise given our rate of growth.
  • Flexibility - You’ll have a large workload, but also the freedom to accomplish it on your own terms.

Apply for this Job

* Required

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at RiskIQ are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.