Senior APT Threat Researcher (Remote - Anywhere in the US or Canada)
It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. The Role As a Proofpoint Advanced Persistent Threat (APT) researcher, you will spend time searching through data looking for threats, analyzing them, and making that information meaningful to our customers. Leveraging Proofpoint data, common threat intelligence data providers, information from trust groups, and other sources, you will be responsible for covering the threat landscape with a focus on state aligned threats in specific regions of interest as assigned by the APT team manager. As an APT specialist you’ll communicate your findings to various groups including customers, fellow threat researchers and teams who create detections in our products. You will also have the opportunity to present your research at public and private industry conferences. You’ll be a part of a team of dynamic and creative threat researchers focused on the threat landscape, finding threats, understanding them, and using that knowledge to improve our products and protect our customers. Making APT landscape research visible and useful for our customers is a large part of this role. · Monitor and analyze threat intelligence sources to stay abreast of new threats and tactics. · Collect, process, and disseminate intelligence to stakeholders in a timely and actionable manner. · Develop and maintain relationships with external organizations to improve information sharing and collaboration. · Identify gaps in collection, recommend, and participate in the implementation of solutions to fill those gaps. · Produce intelligence reports and technical briefings on current and emerging threats for various audiences: Proofpoint executives, public blogs and Proofpoint customers (including our APT Threat Intelligence customers) · Use excellent analytical skills to work in a diverse team environment, exchanging ideas and data with developers, support, product managers, and customers. Your day-to-day • Hunt in Proofpoint’s proprietary telemetry sources to identify and cluster state aligned cyber espionage activity. • Analyze APT-related attack chains, including phishing, malware and threat data from internal and external sources, with a focus on activity that has an email component. • Provide threat detection findings to detection teams as they create and deploy detections in our products • Occasionally conduct dynamic and static malware analysis on samples obtained from our customer data and threat hunting activity to assist in signature development • Piece together malicious campaigns, threat actors, and unattributed activity • Prepare APT activity notification reports for impacted customers • Generate intelligence to support Proofpoint’s mission to protect our customers • Create and present written deliverables to multiple audiences, both external and internal. • Present complex technical topics to senior management, internal stakeholders, our customers, and peers • Expand upon existing intelligence to build profiles of tracked Threat Actors • Collaborate on research projects with the wider threat research team What you bring to the team • A empathetic approach to collaboration and a flexible attitude, ready to work with a close knit team passionate about disrupting adversaries • A well-rounded understanding of the current APT threat landscape in general • Direct experience tracking apex cyber espionage actors of any region, familiarity with their TTPs and key features that can be used for attribution. • Strong knowledge of Cyber Threat Intelligence principles to include indicators of compromise (IOC) types, indicator pivoting and indicator attribution strength. • Skills to profile and track APT actors efficiently, including Yara, infrastructure tracking, reverse engineering capabilities, indicator pivoting techniques and enough experience with a scripting language to automate various aspects of your work • The ability to make a hypothesis based on your threat research, prove or disprove it using our data, and communicate that information to our customers or internal stakeholders • Ability to comfortably communicate directly with customers and the security community • Experience with Network and Host malware detection engineering • Excellent interpersonal, organizational, writing, communications, and briefing skills • Motivation to dig through internal and open-source data to find threat information and use it to provide value to customers • Experience with various technologies used for hunting in big data sets Nice to have • Formal university-level education in computer science, computer security or another related discipline, or equivalent certifications and/or work experience • Information security community experience; a blog, website, published papers, conference presentations, or other experience on the public side of the security field • Experience working remotely for a large information security vendor • Familiarity with email delivery mechanisms (DNS, SMTP, etc) & common email formats (RFC822 headers, MIME) • Familiarity with email-borne threats and related analysis techniques • Familiarity with Suricata or Snort • Familiarity with interpreting malware sandboxing reports • Amazing presentation skills #LI-EC1 #LI-Remote If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us! Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable pay and/or equity. We offer a competitive benefits package that includes flexible time off, a robust well-being program that provides for 4 global wellbeing days per year, and a 3-week work from anywhere option. Base Pay Ranges: SF Bay Area, New York City Metro Area: Base Pay Range: 157,650.00 - 231,220.00 USD California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska: Base Pay Range: 129,000.00 - 189,200.00 USD All other cities and states excluding those listed above: Base Pay Range: 117,600.00 - 172,480.00 USD Proofpoint thrives on the invaluable contributions of our diverse workforce, which encompasses a kaleidoscope of lived experiences, thoughts, perspectives, and professional expertise. We attribute much of our success to our people, who are at the core of our organization and embody our people-centric ethos. We hire the most innovative minds globally to safeguard our customers’ sensitive data and intellectual property. Our talented workforce develops and leverages our advanced technology, combining their expertise to provide comprehensive protection against threat actors and mitigate the risks posed by both malicious and negligent employees. Cyberattacks have the potential to disrupt access to vital resources such as energy, water, transportation, healthcare, and financial services. At Proofpoint, our dedicated team works tirelessly to ensure world-class cyber resilience, protecting approximately 8,000 enterprise customers worldwide. We are committed to creating a diverse, equitable, and inclusive environment. We work every day to ensure that our employees feel that they are in a community that celebrates their unique identity, cultivates their sense of belonging, and invests in their professional growth. We have 9 employee-led employee inclusion groups which help support both employees and our organization by providing opportunities to network, discuss career and cultural development and uplift the corporate culture to create a more inclusive workplace. At Proofpoint, we have a passion for protecting people, data, and brands from today’s advanced threats and compliance risks. We hire the best people in the business to: Build and enhance our proven security platform Blend innovation and speed in a constantly evolving cloud architecture Analyze new threats and offer deep insight through data-driven intel Collaborate with customers to help solve their toughest security challenges We are singularly devoted to helping our customers protect what matters most. That’s why we’re a leader in next-generation cybersecurity—and why more than half of the Fortune 100 trust us as a security partner. Proofpoint is an equal opportunity employer, we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability.
Threat Insight
Brian in Pittsburgh
Botconf
Selena Larson
JosephMenn
Jean-Ian Boutin