Listing Description
Company Overview
================
At Proofpoint, we have a passion for protecting people, data, and brands from today’s advanced threats and compliance risks. We hire the best people in the business to:
- Build and enhance our proven security platform
- Blend innovation and speed in a constantly evolving cloud architecture
- Analyze new threats and offer deep insight through data-driven intel
- Collaborate with customers to help solve their toughest security challenges
We are singularly devoted to helping our customers protect what matters most. That’s why we’re a leader in next-generation cybersecurity—and why more than half of the Fortune 100 trust us as a security partner.
The Role
=======
This is a highly technical role that has a direct and real-time impact protecting Proofpoint customers. As a Security Research Engineer in Proofpoint’s Threat Research group, you’ll be part of an amazing, collaborative, industry-leading team focused on tracking threat actors, their malware, and their TTPs in order to develop static and dynamic (behavioral) signatures that detect and prevent email-based malware delivery and credential phishing attacks. If you enjoy keeping abreast of and analyzing attacker techniques and malware and using that knowledge to make a difference counteracting those threats on a broad scale, then this is the role for you. This role has a direct impact on the efficacy of Proofpoint products, the quality of Proofpoint’s intelligence, and the protection of Proofpoint customers.
Your day-to-day
=============
- Stay abreast of a constantly evolving threat landscape
- Analyze malware, malicious documents, and malicious URLs provided by internal and external sources
- Apply critical thinking skills to identify the most efficient and effective way to mitigate the analyzed threat
- Develop, test, and deploy appropriate static and/or behavioral signatures to mitigate the analyzed threat
- Identify, prioritize, and fill coverage gaps for relevant threats in order to minimize customer impact
- Assess the impact, and develop commensurate responses, for proof of concept exploits
- Work effectively as part of a remote team using chat, video chat and conference calls
- Work with engineering teams to define requirements for continuous improvement of critical detection capabilities
What you bring to the team
=======================
- A passion for threat research and a well-rounded yet deep understanding of the security threat landscape, malware behavior, and actor TTPs
- Willing and able to work independently and collaboratively as part of a distributed team of industry-leading security researchers
- A hard-working, self-directed team player fully capable of working remotely
- Broad and demonstrable understanding of document formats commonly used for malicious purposes (e.g. OLE, CDFv2, PDF, OpenOffice, RTF)
- Familiarity with tools used to statically analyze malicious documents
- Experience analyzing malicious macro documents
- Ability to accurately interpret the forensic output of dynamic analysis (sandbox) environments
- Thorough understanding of browser internals and the Document Object Model
- Critical thinking: Demonstrable experience developing quality detection signatures based on analysis of malicious behavior
- Experience developing YARA and/or ClamAV signatures
- Regular expression wizardry
- Intermediate-level Python experience
- Experience responding to coverage deficiencies and addressing detection issues in production environments
Additional Information
===================
Travel: 10%
Location: Europe (UK, Germany, France, Italy)
Must be able to work during business hours local to your timezone
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute