Current Openings at RudieSec

Security Starts With Intel.

Current roles are updated regularly.  Please follow the instructions noted in each role description to submit an Indicator of Interest.

SOG Team

No current openings.

Builder Block

Role:  Principal Full-Stack Developer (FTE – Permanent)

Work Location:  100% remote (the selected candidate will be able to work their own “local” hours)

Candidate Location Preference:  Candidates must be located in Europe (the EU, CEE, Baltics, Southern Europe or Balkans) or Scandinavia

Come build the go-to-market (and beyond) two core engines for RudieSec’s external threat intelligence (CTI) and OSINT platform and services!

This is an early-stage role inside a very small team.  The person who joins us will play a meaningful part in establishing and evolving the very core of a company operating in a very different part of cybersecurity.  This is an opportunity to come in early, take ownership of a critical area, and grow with a company that is carving out its own lane.

RudieSec is an external cyber threat intelligence (CTI) and OSINT shop built for SMBs and NGOs.  We work outside the firewall, in the external threat environment.  We track threat actors, threat campaign activity, evolving TTPs, and exposure patterns.  Then we turn that intelligence into actionable deliverables for our clients.

Bring your adventurous side, your experimental side, and your ability to see what’s possible even if it doesn’t exist yet.

Here’s the handoff:  The role focuses on translating RudieSec’s current functional and technical build specs into two real, fully coded platform tracks within our external CTI and OSINT environments.  The two tracks are Foundations, the client-facing platform for our first go-to-market rollout, and our Enhanced SOG (Studies and Observations Group) internal platform, which provides deeper, longer-range and human-led intelligence gathering, processing, and analysis.  Together, these builds are designed to process external (outside the firewall) threat intelligence, transform raw signals into structured intelligence, and help drive the cybersecurity recommendations and guidance we provide to our SMB and NGO clients.

What you’ll be building:

The selected candidate will build the first full-stack, code-based versions of E-TIE (our External Threat Intelligence Engine).  E-TIE comprises three layers: the Fusion Layer for initial intel ingest and preliminary processing; the Analytic Core, which serves as the primary quantitative/probabilistic and time-series modeling component; and the R-based Statistics Layer, where final statistical analysis and reporting occur.  This is a parallel-tracked, continuous build for two core instances and two GUI paths, and development beyond the first go-to-market releases.  This is literally the “birth” of the E-TIE core engine.

•   A Python-first core on a Linux base in AWS, designed to be stable, testable, and extensible.
•   Clean data model and service boundaries that support iterative growth without constant rewrites.
•   Two distinct coded build paths that can evolve in parallel (both Foundations and the Enhanced SOG will use the same core E-TIE engine) without being a tangled mess six months later.
•   Two distinct GUI environments built around real workflow, not just narrative screens:  dashboards that support distinct use bases (client-facing and internal threat intel operators), review views, stateful forms, and mechanisms that make analysis repeatable and auditable.
•   A build approach that respects the reality of development:  strong specs at the starting point, real collaboration on inevitable bends and refinements, and disciplined execution from there.
•   A developer approach that is iterative beyond the go-to-market state, not a “build it, ship it, and disappear into ticket maintenance purgatory.”
•   A coded reference implementation that delivers the intended outputs defined in RudieSec’s current functional and technical specs (and beyond as we iterate), with tests, logging, and secure-by-default from Day 1.
•   Comfort with a nested Agile build process (full build blocks as Waterfall, components of each block using the Agile framework).

Current state and near-term build targets:

E-TIE does not yet exist as a fully-coded platform environment.  What we do have is a strong, functional, and technical spec base that defines the engine’s internal behavior, structure, and direction, as well as its two build tracks.  Your near-term objective is to translate those specs into working, coded core instances with strong structure, reliability, and room for iterative expansion.  The client-facing Foundations track will be the first instance to go to market, with the Enhanced SOG instance following.  Both tracks should be able to evolve without breaking the E-TIE engine underneath them.

Mission context:

This development work directly powers external CTI and OSINT operations.  The platform is built to help transform ambiguous signals into structured intelligence assessments that inform decisions, prioritization, and forward-looking risk posture.  You will be building the engine that lets intel operators scale judgment without turning the process into guesswork.

Dev path overview (v1.block1 + and beyond):

E-TIE development uses our internal “block” structure, but now it reflects a dual-track, phased rollout.  The current v1.block1+ state serves as the spec base for the shared core engine and its two instances, with Foundations as the primary go-to-market focus.  v1.Block2 adds the R-stats layer.  v1.Block2+ is where the two tracks begin to diverge more meaningfully:  Foundations will progress based on what is included in the GTM release and what should come next, while the Enhanced SOG enters its main transformation phase through the introduction of deeper human-led intelligence functions, expanded fusion layer activity, and the integration of additional analytic and forecasting support inside E-TIE.  The progression is mapped, but sequencing remains adaptable once the selected candidate is on board.

Skills and technical requirements:

Must-haves:

•   Full-stack capability:  you will build both GUI environments, the core E-TIE engine, and the two engine instances.
•   Strong Python skills, and real experience building in a Linux environment, specifically Ubuntu LTS as the platform base, along with practical AWS build experience.
•   Ability to design and implement APIs, data models, and durable service boundaries that support two parallel platform instances without turning the architecture into spaghetti.
•   Experience building workflow-heavy interfaces, including dashboards, review views, and stateful forms for different user types and operational realities.
•   Ability to build across a layered platform environment, including the Fusion Layer, Analytic Core, and R-based Statistics Layer.
•   Ability to code analytic and model-driven functions so they operate successfully in E-TIE, even when the underlying models are created by the data scientist.
•   Ability to operationalize probabilistic/quantitative, time-series, statistical, and forecasting support inside a working platform environment rather than treating model outputs as stand-alone artifacts.
•   Ability to code confidence-modulation and temporal-behavior functions inside the engine, including half-life, degradation, recursion, and shifting IoT (Indicators of Threat)-based weighting as signal-to-noise ratios are constantly shifting.
•   Strong capacity to work with open-source code bases, external packages, and third-party integrations, and to evaluate and adapt them pragmatically without destabilizing the core build.
•   Engineering discipline:  tests, logging, secure coding habits, and clear documentation of decisions.
•   Comfort building from strong functional and technical specs while collaborating through challenges, refinements, and design adjustments.
•   Comfortable with a nested Agile approach, with larger build blocks managed in a more structured way and component-level work handled iteratively.
•   Comfort operating in ambiguity, shipping iteratively, and taking real ownership of an ongoing build beyond the first go-to-market release.

Nice-to-haves:

•   Prior exposure to cyber threat intelligence, OSINT, or adjacent intelligence processing environments.
•   Familiarity with the MITRE ATT&CK framework, adversary behavior mapping, or similar threat behavior frameworks.
•   Familiarity with Admiralty Code scoring, source grading, or other structured intelligence evaluation methods.
•   Familiarity with MISP or similar intelligence sharing and analysis environments.
•   Familiarity with Haystack, Ollama, or similar LLM-supported routing, classification, or orchestration frameworks.
•   Familiarity with R-based analytical, reporting, or statistical environments.
•   Prior experience working in an early-stage build environment where architecture, workflows, and platform shapes are still being actively defined and revised.
•   TypeScript/JavaScript or React (for the front end)
•   SQL
•   Bash

Indicator of Interest:

To indicate your interest in the Principal Full-Stack Developer role, please follow the application submission instructions below:

•   Please send your Indicator of Interest email to: RudieSec.TA@rudiesec.com
•   Put “RudieBuilder” in the Subject line of the email
•   Provide a 2-3 paragraph introduction. Just tell us who you are, what excites you about building a threat intelligence engine from the ground up, and what sparks your interest in joining a cyber threat intel startup. We’re real folks here at RudieSec, so relax, be genuine, and explain it to us as you would to a colleague. Note: Please do not submit your CV or portfolio yet.
•   Your LinkedIn profile link
•   Your preferred contact information

Role:  Data Scientist / Math Modeler (FTE – Permanent)

Work Location:  100% remote (the selected candidate will be able to work their own “local” hours)

Candidate Location Preference: Candidates must be located in Europe (the EU, CEE, Baltics, Southern Europe or Balkans) or Scandinavia

Education requirements:  Bachelor’s degree or higher in a quantitative field (statistics, mathematics, computer science, engineering, economics, or similar), or equivalent real-world experience demonstrating strong modeling capabilities.

Come build the go-to-market (and beyond) cyber threat intel lifeblood of E-TIE, our external threat intelligence engine!

This is a vital, early-stage role inside a very small team.  The person who joins us will play a meaningful part in establishing and evolving the very core of a company operating in a very different part of cybersecurity.  This is an opportunity to come in early, take ownership of a critical area, and grow with a company that is carving out its own lane.

RudieSec is an external cyber threat intelligence (CTI) and OSINT shop built for SMBs and NGOs.  We work outside the firewall, in the external threat environment.  We track threat actors, threat campaign activity, evolving TTPs, and exposure patterns.  Then we turn that intelligence into actionable deliverables for our clients.

Bring your adventurous side, your experimental side, and your ability to see what’s possible even if it doesn’t exist yet.

Here’s the handoff:  The role focuses on translating RudieSec’s current external cyber threat intelligence concepts, functional build specs, and early modeling into the evaluation logic, quantitative models, time-series models, statistical methods, and data visualization outputs that give E-TIE its cyber threat intel lifeblood.  This work supports two separate E-TIE instances: Foundations, the client-facing platform, and Enhanced/SOG (Studies and Observations Group), our human-led internal operations platform.  Foundations will provide a true client-facing platform that brings external CTI/OSINT intelligence to SMBs and NGOs, enabling them to “see what’s coming” from outside the firewall before it happens.  Enhanced/SOG is our deeper, layer 2 intel and beyond, human-led instance, built for expanded collection, analysis, contextualization, and client guidance.

What you’ll be building:

The selected candidate will own RudieSec’s modeling direction across E-TIE, with focus on clarity, evaluation, explainability, and operational usefulness.  This is not a role focused on implementing predefined models.  We are looking for someone who can work from first principles, translate messy external signals into structured approaches, and help shape how external CTI/OSINT can be modeled and understood.

Some starting concepts are already in place, including MITRE ATT&CK-based progression modeling using Markov Chains, and Chronos-2 time-series forecasting.  These are the starting points, not the boundaries.  We want someone who is comfortable exploring additional quantitative, probabilistic, statistical, and non-linear approaches that can expand the usefulness of external cyber threat intelligence for both clients and operators.

Our build path will follow a Kanban-based, continuous-improvement process that evolves as the threat environment shifts and client requirements grow.  Iterative modeling will be the norm.

•   A modeling foundation that can serve both Foundations and Enhanced/SOG without creating two disconnected analytic worlds.
•   A signal evaluation approach that preserves nuance before intelligence moves downstream.
•   A forecasting and probability structure that can evolve as live external threat intelligence accumulates.
•   An output logic that keeps confidence, uncertainty, and limits visible without burying users in math.
•   A visual intelligence approach that helps clients and operators understand movement, exposure, and change over time.
•   A build approach that respects strong starting specs, real collaboration, and inevitable refinements.
•   A modeling process that remains iterative beyond the go-to-market state, not a “build it, ship it, and disappear into spreadsheet purgatory” exercise.

Core responsibilities include:

•   Fusion Layer evaluation logic:  Define how confidence, source and information quality, weighting, degradation, and retention should operate within the Fusion Layer so that intelligence is structured for deeper modeling without losing nuance.

Note:  The Fusion Layer is not a passive intake stage.  It is a dynamic evaluation environment where signals are preserved, weighted, revisited, and prepared for downstream modeling.  This work must handle changing confidence, degradation and recursion, improvement, and environmental drift over time, so that intelligence is not flattened before it reaches the quantitative and time-series forecasting models.

•   Markov quantitative/predictive models (Analytic Core Layer):  Define state logic, transition logic, scoring, and how probability shifts as intelligence accumulates, including guardrails against over-fitting noise.
•   Time-Series forecasting model in Chronos-2 (Analytic Core Layer):  Define what forecasting success means in this domain, specify evaluation methods, and shape integration requirements so forecasts become testable and decision-relevant for clients.
•   Data visualization and intelligence expression:  Define how E-TIE should visually express threat progression, confidence movement, uncertainty, source quality, degradation, forecast ranges, exposure patterns, environmental drift, and other analytic outputs.  This includes shaping visual approaches that make complex external CTI/OSINT understandable, operationally useful, and decision-relevant for both client-facing Foundations outputs and internal Enhanced/SOG operators.
•   Statistical and reporting Layer (R-based):  Define how outputs should be expressed so uncertainty, confidence, and model performance remain visible and explainable.
•   Additional modeling approaches:  Identify and help develop additional quantitative, probabilistic, statistical, or non-linear approaches that can improve how E-TIE models external CTI/OSINT, multi-source intelligence, threat movement, threat TTP evolution, exposure patterns, and uncertainty.

Evaluation mindset:

This role is not about “build a clever model and vibes will carry it.”  We want disciplined, but inventive measurement:

•   Define validation and backtesting expectations.
•   Establish error metrics and boundary checks.
•   Specify thresholds, update, regression, and recursion criteria across key system layers so that signal, noise, and model movement are handled in a disciplined, testable, and explainable way.
•   Design monitoring signals for environmental drift, and for how intelligence degrades or improves over time.

Integration-ready by design:

E-TIE will support third-party integrations where they strengthen external threat intelligence collection, enrichment, sharing, visualization, or analysis.  The selected candidate’s modeling work should assume external data can enrich the system, but must remain robust when those integrations are absent.  Integrations should improve coverage, confidence, and analytic value, not become hidden dependencies.

How you’ll work:

The selected candidate will collaborate closely with the Principal Full-Stack Developer to ensure model logic is implementable, testable, and maintainable.  You’ll also help translate analytic outputs into forms that can support client-facing Foundations outputs and help SOG Analysts drive defensible client recommendations.

Skills and technical requirements:

Must-haves:

•   Strong applied probabilistic and quantitative judgment.
•   Ability to define structured evaluation logic within the Fusion Layer, including confidence, source and information quality, weighting, degradation, improvement, regression, recursion, and retention.
•   Comfort with Markov modeling concepts, especially state logic, transition logic, probability movement, and threshold-based updates.
•   Comfort with time-series forecasting fundamentals and the ability to define what forecasting success should mean for Chronos-2 in this domain.
•   Strong evaluation mindset, including calibration, backtesting, boundary checks, drift monitoring, and measurable performance.
•   Ability to translate modeling logic into implementable requirements, with Python familiarity strongly preferred.
•   Clear communication of assumptions, uncertainty, and model limitations.

Nice-to-haves:

•   Familiarity with Bayesian methods, Hidden Markov Models (HMMs), and calibration techniques.
•   Experience shaping analytical outputs so they remain interpretable and usable by downstream analysts or decision-makers.
•   Experience in adversarial domains (cyber, fraud, risk, intelligence, etc.).
•   Familiarity with R-based analytical, reporting, or statistical environments.
•   Prior experience working in an early-stage build environment where architecture, workflows, and platform shapes are still being actively defined and revised.
•   Strong curiosity about applying mathematical, statistical, or data science approaches to messy, multi-source cyber intelligence problems.

Indicator of Interest:

To indicate your interest in the Data Scientist/Math Modeler role, please follow the application submission instructions below:

•   Please send your Indicator of Interest email to: RudieSec.TA@rudiesec.com
•   Put “RudieData” in the Subject line of the email
•   Provide a 2-3 paragraph introduction. Just tell us who you are, what excites you about building new quantitative and time-series models, and what sparks your interest in joining a cyber threat intel startup. We’re real folks here at RudieSec, so relax, be genuine, and explain it to us as you would to a colleague. Note: Please do not submit your CV or portfolio yet.
•   Your LinkedIn profile link
•   Your preferred contact information

Creative

No current openings.

Talent Acquisition

No current openings.

Admin

No current openings.

Internships

No current internships.

Copyright © 2026 RudieSec All Rights Reserved