We are looking for an experienced Senior Security Researcher with required analytical background to join our team to perform threat hunts, assist with investigations, develop threat intelligence, and to cultivate investigation best practices into our tooling and products. Researchers will support a global team to identify and catalog new attacker Tools, Techniques and Procedures (TTPs), victims, and deliver customer notifications to protect worldwide enterprise customers and empower customers to protect themselves via constantly improving our products.
Responsibilities:
This role is part of a collaborative team, assisting our customers with:
Performing analysis of attacker activity in on-premises and cloud environments
Identifying potential threats, allowing for proactive defence before an actual incident
Notifying customers regarding imminent attacker activity
Providing recommendations to improve customers cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against todays threat landscape
Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
Identifies, prioritizes, and targets complex security issues that cause negative impact to customers. Creates and drives adoption of relevant mitigations and provide proactive guidance
Works with others to synthesize research findings into recommendations for mitigation of security issues. Shares across teams. Drives change within team based on research findings.
Requirements: Required Qualifications:
6+ years experience in cyber security or large scale computing, and/or anomaly detection.
OR Experience with threat hunting/ digital forensics/reverse engineering/incident response etc.
OR Master's Degree in Statistics, Mathematics, Computer Science or related field
Other Requirements:
Ability to meet us, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
Investigation/Cybersecurity/Digital Forensics/DFIR (Digital Forensic Incident Response) certifications (e.g. Certified Information Systems Security Professional (CISSP), SysAdmin, Audit, Network and Security (SANS), Global Information Assurance Certification (GIAC) etc.)
Technical certifications based on domain (e.g., Azure, SharePoint)
Experience with Active Directory and/or cloud identity.
Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
Use of forensic analysis tools such as X-Ways Forensics, WinHex, Encase, FTK, etc. Microsoft Azure and/or Office365 platform knowledge and experience
Experience with various forensic log artifacts found in Security Informationa and Event Management (SIEM) logs, web server logs, Antivirus (AV) logs, protection logs such as Host-based Intrusion Detection Systerm (HIDS) and Network Intrusion Detection System (NIDS) logs
Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
Understanding of Windows and Azure internals and where trace evidence can be found
Knowledge of third-party cybersecurity solutions, especially Extended Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions
Experience working with consulting companies is a plus.
Linux and/or macOS forensic analysis and threat hunting skills.
This position is open to all candidates.
