Listing Description
The Role
As a Proofpoint Principal Threat Research Engineer, you will perform malware analysis to help improve our malware detection capabilities. You'll be part of a team of dynamic and creative threat researchers focused on finding malware, understanding how it works, and using that knowledge to improve our products. The role centers on understanding how malware works and turning that understanding into detections in our products.
What you bring to the team
A passion for threat research, and uncovering the unknown about internet threats and threat actors
A technical leadership mindset
Ability to drive decisions and pioneer new technologies to improve the detection of malware and phishing threats
A well-rounded understanding of the malware and information security threat landscape. You should love this field and have a passion for learning.
A willingness to work independently and as part of a team of industry experts
Strong internal support skills: tracking down false positives, acting with a sense of urgency, and working carefully on production systems
Experience with sandboxing of malware
Experience reverse engineering malware
Familiarity with common encryption algorithms
Experience with IDA Pro and OllyDbg/WinDbg
Experience with databases (SQL, NoSQL or Graph DBs)
Knowledge of Windows API calls
Deep understanding of Microsoft Office and other commonly used document file formats that may be used for exploitation
Ability to identify and understand malicious network traffic
Ability to write static threat detections in YARA or ClamAV
Strong command of regular expressions
Experience with Python or other scripting languages; the more familiar you are, the better
Ability to write signatures based on memory dumps
4+ years of experience with malware analysis
Being a hard-working, self-directed team player
Deep curiosity and a drive to understand malware and how it works
Nice to have:
Information security community experience; a blog, website, published papers, conference presentations, or other experience on the public side of the security field
Experience working remotely for a large information security vendor
Flexibility in reversing both lower-level programs (C/C++/Delphi) and higher-level programs or scripts (Java/.NET/JavaScript/AutoIt)
Additional Information
Travel: 10%
Location: US time zone, fully remote work
Analyze malware from internal and external sources, both self-directed and in response to customer inquiries.
Use malware analysis findings to create detections in our detection platforms
Work effectively as part of a remote team using chat, video chat and conference calls
Monitor intelligence feeds, both internal and external, to stay on top of relevant threats, and then develop tools and approaches to categorize threats and highlight the most important ones
Identify and research new, unknown advanced threats
Work with developers to improve the capabilities of our products
Act as a trusted technical resource for product decisions
Mentor members of the threat research team
Listing Details
- Citizenship: No Requirements
- Incentives: Both
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute