Email Security Analyst - Sublime Security USA Bookmark Share Print 499 1 22

Listing Description

About Sublime Security

Sublime is making email security programmable. Many companies have tried to solve phishing using black box ML. They've failed for the past 20 years. We're taking a different approach - we've created a DSL to enable security professionals, IT admins, and academic researchers to quickly develop new phishing detection rules. These new, community-built rules can be powered by arbitrary sets of ML models, 3rd party enrichment services, and custom functions. All backed by a GitHub-like system for version control that makes sharing and collaboration easy for the first time ever.

Here's an example of a moderately sophisticated phishing detection rule that is written in Sublime's Message Query Language (MQL):

// rules can detect inbound, internal, or outbound messages
type.inbound

// identify credential theft language in the body using NLU
and any(ml.nlu_classifier(body.current_thread.text).intents,
        .name == "cred_theft" and .confidence == "high"
)

// suspicious sender signals
and (
  beta.whois(sender.email.domain).days_old <= 30
  or profile.by_sender().days_known < 10
  or not profile.by_sender().solicited
)

To see more rule examples and for a deeper dive into Sublime, check out our docs or open-source rules feed.

About the Role

At Sublime, our threat analysis team is pivotal in ensuring the security and trustworthiness of our email ecosystem. We are searching for detail-oriented Email Security Analysts to strengthen our team.

In this role, you will be the frontline in identifying, analyzing, and labeling email threats. Your insights will provide invaluable feedback to our detection engineering and data science teams, enhancing our overall system's resilience against malicious activities.

What You'll Do

• Review and classify emails by threat categories (credential phishing, malware delivery, BEC, spam, etc)

• Identify emerging email-based threats with accurate labeling and documentation

• Label email datasets to support machine learning initiatives

• Analyze telemetry and other data sources to identify attack trends and patterns

• Collaborate with threat detection engineers to ensure detection rules are up-to-date and effective

• Work with performance metrics (FN, FP, TN, TP) to assess and improve detection capabilities

• Stay updated with the latest in email security and threat landscapes

• Recommend process and tool improvements

What You Need

• Familiarity with email security challenges

• Understanding of email-based threats (phishing, malware, BEC, spam)

• Experience or knowledge in email threat analysis

• Strong grasp of detection metrics and implications

• Effective communication skills for complex information

• Ability to collaborate with cross-functional teams

   

If you feel like you don’t meet all of the requirements for this role, we encourage you to apply anyway. Imposter syndrome can get in the way of meeting incredible teammates, and we don’t want it to get in the way of meeting you.

Challenges

At the forefront of email security, our team faces a myriad of challenges daily.

For our Email Security Analysts, these include:

• Rapidly Evolving Threat Landscape: With phishing techniques and email threats constantly adapting, staying abreast of the latest adversarial strategies is crucial.

• Email Volume & Diversity: Our customers share a plethora of emails with us, both labeled and unlabeled. Ensuring the accuracy of these labels and identifying missing ones is no small task, especially given the volume and diverse nature of the emails.

• Precision in Classification: Emails can span various threat categories, from credential phishing and malware delivery to BEC and spam. Accurately classifying each one is vital.

• Data Integrity for Machine Learning: As we harness machine learning for better threat detection, the quality and accuracy of labeled data become paramount. Ensuring that our datasets are meticulously labeled directly impacts the efficacy of our detection models.

• Trend Identification: Beyond individual emails, spotting overarching trends and patterns in phishing attacks and other email-based threats is both challenging and essential.

• Collaboration with Technical Teams: Our analysts work hand-in-hand with threat detection engineers. Providing precise feedback and insights ensures that our detection rules remain effective and up-to-date.

• Metric Mastery: Grasping and working with metrics like False Negatives, False Positives, True Negatives, and True Positives is key, especially when aiming to enhance our detection capabilities.

How We Work at Sublime

• Optimized for flow: We endeavor to have as few scheduled meetings as possible. Right now, we have an all-hands on Tuesdays and that's it

• Autonomy, ownership, trust: You own your work and are responsible for it end to end

• Principles-driven: We approach problems from first principles and document how we make important decisions

• Inclusive: We believe a diverse and inclusive team learns more, makes better decisions, and ultimately ships better products

• Collaborative: We work together to solve tough problems and make decisions, then implement solutions independently in a high-trust environment

Benefits

• We're a fully distributed team. Work from anywhere in the US

• Top-tier health, dental, and vision for which we cover 99% of premiums

• Life insurance fully covered by us

• 16 weeks of fully paid leave for new parents

• New Mac and $5k new hire equipment budget for monitors, desk, chair, and whatever else you need to do the best work of your life

• We'll pay for the fastest internet access available at your residence

• We'll buy any work-related books you ever need

• Unlimited paid time off, with a required 15-day minimum