Listing Description
The Role
This is a highly technical role that requires a comprehensive understanding of Windows internals, sandboxing technology and instrumentation, reverse engineering, and malware anti-analysis techniques. As a security researcher focused on sandboxing technology, you will work closely with industry-leading security researchers and technologists to maintain and evolve Proofpoint’s state-of-the-art malware analysis environment. Your primary objective is to ensure that ever-evolving malware runs scalably and effectively in Proofpoint’s sandbox environment despite the best efforts of malware authors to thwart that. This role has a direct impact on the efficacy of Proofpoint products, the quality of Proofpoint’s intelligence, and the protection of Proofpoint customers.
Your day-to-day
• Analyze malware from internal and external sources, both self-directed and in response to customer inquiries
• Develop signatures to accurately detect and classify malware based on analysis
• Assess the impact, and develop commensurate responses, for proof of concept exploits
• Develop code to extract configuration information and other indicators from memory dumps and other sandbox artifacts
• Perform root cause analysis to identify reasons malware doesn’t execute as desired in a sandbox environment
• Develop low-level sandbox solutions, including the hooking of Windows APIs, to coax malware into running properly in a sandboxed environment
• Monitor the threat landscape then proactively prioritize and address relevant threats
• Identify and research novel anti-analysis techniques and advanced threats
• Work effectively as part of a remote team using chat, video chat and conference calls
• Work with engineering developers to improve the capabilities of our products
What you bring to the team
• A passion for threat research, and uncovering the unknown about malware, internet threats and threat actors
• A well-rounded understanding of the malware and information security threat landscape. You should love this field and have a passion for learning
• A willingness to work independently and collaboratively as part of a team of industry experts
• A hard-working, self-directed team player fully capable of working remotely
• Demonstrable, expert-level, reverse engineering skills including the use of IDA Pro and understanding of Intel assembly language
• Ability to reverse malware written in lower-level (C/C++/Delphi) and higher-level (Java/.NET/JS) languages
• Experience sandboxing malware including the custom hooking of Windows APIs to facilitate the execution of malware
• Familiarity with encryption algorithms commonly used by malware
• Experience developing detection signatures based on malware analysis
• Intermediate to advanced level Python experience
• Stellar internal support capabilities responding to coverage and technical issues in production environments
Additional Information
• Travel: 10%
• Location: Must be based in the US
• Must be able to work during the US business hours local to your timezone
Listing Details
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute