Explore large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and generate custom alerts for enterprise customers.
Work with customer support teams to support investigations during an enterprise’s time of need.
Collaborate with our data science and threat research teams to develop and maintain accurate and durable cloud-based detections.
Inform the development of hunting tools and automations for use in the discovery of human adversaries.
7+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team
Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
Excellent English-language skills for both written and verbal communication
Strong ability to use data to ‘tell a story’
Advanced experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers)
Advanced knowledge of Windows OS internals and security mechanisms
Skilled working with extremely large data sets, using tools and scripting languages such as: Excel, SQL, Python, Splunk, and PowerBI
Ability to track, analyze, and brief on new and ongoing cyber-attacks in cloud infrastructure with understanding on AAD, ADFS and popular authentication/authorization protocols like SAML, OAUTH, OpenID connect.
In-depth understanding of latest cloud-based techniques used by attackers for persistence, privilege escalation, defense evasion and lateral movement in platforms such as Azure AD, Office 365 and Google Workspace
Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
Advanced experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers) and advanced knowledge of operating system internals and security mechanisms
Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements and strong ability to use data to ‘tell a story’.
The following additional experiences are favorable, but not required: Technical BS degree preferred in Computer Science, Computer Engineering, Information Security, Mathematics, or Physics
1+ years of experience developing software or tools using C++, C#, Python, Ruby, or similar
Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models
Experience with system administration in a large enterprise environment including Windows and Linux servers and workstations, network administration, cloud administration
Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks
Experience with advanced persistent threats and human adversary compromises
Additional advanced technical degrees or cyber security basedsecurity-based certifications such as CISSP, OSCP, CEH, or GIAC certifications