In this role, we are looking for an experienced threat hunter/threat researcher that is comfortable with ambiguity, has significant experience writing automation code to gather threat intelligence, has demonstrated expertise at the upper levels of the security community, and is self-driven and able to work in an environment where every day presents a new challenge.
The right candidate will be expected to lead and/or play a major role in the following activities:
Tracking active campaigns from major threat actors both known and unknown against public, private, and government entities and automating collection of data on these topics
Writing automation code in Python to collect new in-house developed threat intelligence data that will be consumed by upstream teams and products
Maintaining knowledge of Advanced Persistent Threat (APT), ransomware, and major cybercrime Tactics Techniques and Procedures(TTPs)
Writing and publishing reports and then sharing with the security research community through our partnerships
Teaching and training others in the company on the tactics and methods of tracking advanced threats
Providing threat context and integration support to multiple SecurityScorecard products, customers, and sales architects
Analyzing technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, and pivot to related threat data
Identifying and hunting for emerging threat activity across all internal/external sources
Establishing standards, taxonomy, and processes for threat modeling and integration
Performing threat research and analysis during high-severity cyber-attacks impacting SecurityScorecard customers globally
Required Qualifications:
Has at least 2-5 years of experience in security research broadly, including hunting threat actors (criminals or nation states), with specific technical experience (analysis of campaigns, malware involved, command and control (C2) servers, and CVEs exploited)
Analysis of campaigns and actors extends beyond data breaches and traditional attacks (e.g. DDoS, public leaked credentials to network access) to sophisticated, nation-state or cybercrime-driven campaigns
Fluent in at least one high-level programming language (Python, Go, Ruby, JavaScript, etc.) and ability to use the experience to automate threat hunting and threat intelligence gathering activities (in Threat Research we use Python on a daily basis)
Experience working with threat intelligence platforms such as MISP and related analysis systems such as Splunk, VirusTotal Intelligence Graph Explorer, Silobreaker, or other commercial tools for analyzing our data
Preferred Qualifications:
Experience with C and/or Assembly or another low level programming language that ties into development of exploits for software, firmware, and hardware products
Experience with producing and consuming data from streaming platforms such as Confluent Kafka, which we use internally to centralize all our threat intelligence data for consumption by upstream products
Functional understanding of vulnerabilities and related exploit code, capable of writing automation and detection for various CVEs
Experience in developing automation to statically and dynamically analyze malware and subsequent campaigns
Experience with reverse engineering using IDA, Radare, Ghidra or another malware analysis program as well as working knowledge of debuggers such as Olybdg and hopper
Additional Qualifications:
Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
Exceptional written communication skills
Strong decision making skills with the ability to prioritize and execute
Ability to set and manage expectations with senior stake-holders and team members
Strong problem solving, troubleshooting, and analysis skills
Experience working in fast-paced, often chaotic environments during major incidents
Excellent interpersonal and teamwork skills in a fully remote environment