Overview
Staff Security Research Engineer at Proofpoint. Join a global team focused on tracking threat actors, malware, phishing, and TTPs to respond to the evolving threat landscape with innovative software that detects and prevents threats from reaching Proofpoint customers.
Your day-to-day
* Design and develop software using a variety of languages, primarily Python, with limited external guidance, while providing technical leadership to guide other software engineers on the team
* Modify and extend the sandbox submission and report UI for Proofpoint threat researchers
* Develop low-level OS interactions in C or C++ as needed
* Develop and maintain web browser automation using Chrome Web Driver
* Analyze and reverse engineer JavaScript that fingerprints web browsers to identify sandbox checks; innovate solutions to defeat those checks
* Analyze web front-end DOM and interactions
* Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
* Collaborate with threat analysts and detection engineers to research threat actors and write detection rules for the systems you develop
* Create new detection languages and systems to enable threat researchers to develop detection rules
* Enhance threat detection languages to automate interactions with websites and detect threat patterns
* Utilize AI Large Language Models to enhance threat detection pipelines where beneficial
* Design and develop automation pipelines to turn manual tasks into automated scripts
* Stay current with a constantly evolving threat landscape
* Understand the latest TTPs used by threat actors to bypass detection environments, including URL sandbox fingerprinting/detection/evasion techniques
* Provide expert assistance to threat researchers and analysts on phishing websites, evasion techniques, and security research demonstrations as needed
* Reverse engineer malware executable files for Windows as needed to support sandbox countermeasure development (primarily handled by other roles)
* Apply critical thinking to identify efficient mitigation strategies for threats and evasion techniques
* Work effectively in a remote team using chat, video, and conference calls
* Coordinate with other engineering teams to continuously improve critical detection capabilities
What You Bring To The Team
* A passion for threat research and a deep understanding of the security threat landscape, actor TTPs, and countermeasures for evasion and sandbox detection techniques
* Ability to write production-grade, reliable Python code with instrumentation for observability and error monitoring
* Experience developing software using Docker containers
* Experience developing web browser automation
* Experience analyzing network traffic for threat detection with solid understanding of TLS, HTTP, and other network protocols
* Ability to work independently and with a distributed team of security researchers
* Ability to operate effectively in a fully remote environment
Nice to have
* Experience with C and C++
* Experience developing Windows API hooks and researching undocumented Windows APIs
* Experience writing malware behavior signatures
* Experience analyzing malware with a debugger and willingness to learn
* Experience static reverse engineering with IDA Pro, Ghidra, Binary Ninja, or similar tools
* Ability to interpret forensic outputs from dynamic analysis (sandbox) environments
* Experience with multiple malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage, etc.)
Additional Information
* Travel 1% - 10% (flexible) for team collaboration or security conferences
* Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
* Must be able to work during business hours local to your time zone
Why Proofpoint
Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets. We offer a comprehensive compensation and benefits package and a culture of collaboration and appreciation. We support growth and development with programs including leadership and professional development, flexible work options, wellness days, and global collaboration.
If you need accommodation during the application or interview process, please reach out to accessibility@proofpoint.com.
#J-18808-Ljbffr