Listing Description
Have you spent time hunting threats inside and outside networks? Developed and tracked activity groups? Want to use those skills to hunt those who threaten civilization? Want to catch and expose threats targeting power plants, water, manufacturing systems, and other industrial control systems? Dragos threat intelligence works to discover these threats, develop innovative analytics for detection, support investigations and incident response, and provide customers with world-class situational awareness. Unlike many other teams with a broader mission, we focus solely on operational threats to industrial control networks; this gives our analysts the time and space necessary to do world-class research and intelligence on the most advanced and significant threats in the world. Most analysts, as they progress in their careers, are required to increase their scope, thereby losing many critical skills – this is an opportunity for experienced analysts to drop back down into a highly technical and specific area of critical importance, becoming one of the few ICS threat hunters in the world. A rare opportunity for many.
At Dragos, we are not traditional intelligence analysts; we are hunters of evil which threatens the functions of civil society. We are dedicated to the idea that intelligence not properly communicated is not intelligence at all. We support our Dragos Platform through vulnerability analysis, threat intelligence, and behavioral analytics. We support Dragos Professional Services through intelligence support to incident response, assessment, and managed threat hunting.
Dragos is primarily located in Maryland and our Threat Intelligence team is mainly remote.
This is a principal or senior-level position. This is not an entry-level position for inexperienced analysts or those seeking to transition into hunting. Prior hunting experience against advanced and persistent threats is a requirement.
5+ years’ hunting and tracking targeted threats
5+ years’ experience with network-based intrusion analysis
Knowledge of common malware functionality and operations and comfortable working with static and dynamic binary analysis output
5+ years developing analytics to enable threat hunting and detection
Experience pivoting across the Diamond Model, all stages of the Kill Chain, and ATT&CK
Demonstrable experience producing customer-facing intelligence reports with strong writing skills
Experience developing indicators of compromise (IOCs) for customer-facing applications
1+ year working directly with customers to collect requirements and feedback on intelligence products and services
Able to work well with a remote team of collaborators and deliver product on time and within quality guidelines
Comfortable in at least one scripting language (like Python) enabling the analyst to automate their own tasks when necessary
Good research and documentation skills including knowledge of major OSINT sources and their investigatory value
Nice to Have
Experience with industrial control systems and threats specific to their operational environment
Experience reverse engineering malware with static and/or dynamic tools and techniques
Experience developing YARA, snort, and/or Bro signatures
Experience working with an operations center and/or incident response team
Listing Details
- Citizenship: No Requirements
- Incentives: Stock Options
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute