Staff Security Research Engineer
As a Security Research Engineer on Proofpoint’s Threat Research team, you’ll be part of an amazing, collaborative, industry-leading team focused on tracking threat actors, malware, phishing, and TTPs and responding to the quickly changing threat landscape with innovative software that detects and prevents threats from reaching Proofpoint customers.
Your day-to-day
* Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
* Modify existing web-based UI for internal tools to maintain and extend the sandbox submission and report UI for Proofpoint threat researchers to use
* Write C or C++ for low level interactions with the OS as needed
* Develop and maintain web browser interaction capabilities using Chrome Web Driver
* Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox browsers or instrumentation, and innovate solutions to defeat those checks
* Familiarity with analyzing web front-end and the Document Object Model (DOM)
* Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
* Work closely with threat analysts and detection engineers who research threat actors and write detection rules which run on the systems you develop
* As needed, create new detection languages and systems that allow threat researchers to develop detection rules
* Add features to existing threat detection languages to allow greater flexibility by threat researchers to automate interactions with websites and detect threat patterns
* Make use of AI Large Language Models as appropriate to enhance threat detection pipelines, produce samples to test evasion countermeasures, and decide when applying AI is beneficial
* Design and develop automation pipelines to turn manual tasks into automated scripts
* Stay abreast of a constantly evolving threat landscape
* Understand the latest tactics, techniques, and procedures used by threat actors to bypass detection environments, especially URL sandbox fingerprinting, detection, and evasion techniques
* Provide expert assistance and support to threat researchers and analysts as they analyze phishing websites, threat detection evasion techniques, and security research or red team demonstrations of new evasion techniques
* Reverse engineering malware executable files for Windows as needed to support sandbox countermeasure development (note primary malware reverse engineering responsibilities rest on other roles and are not expected regularly for this role)
* Apply critical thinking to identify efficient and effective ways to mitigate threats and evasions
* Work effectively as part of a remote team using chat, video chat and conference calls
* Collaborate with other engineering teams, defining requirements for continuous improvement of critical detection capabilities
What You Bring To The Team
As a Security Research Engineer on Proofpoint’s Threat Research team, you’ll be part of an amazing, collaborative, industry-leading team focused on tracking threat actors, malware, phishing, and TTPs and responding to the quickly changing threat landscape with innovative software that detects and prevents threats from reaching Proofpoint customers. If you enjoy keeping abreast of and analyzing attacker techniques, malware and phishing campaigns, and using that knowledge to counteract those threats with innovative software solutions, then this is the role for you.
* A passion for threat research and a well-rounded yet deep understanding of the security threat landscape and actor TTPs, especially understanding how to develop countermeasures for threat actor evasions and sandbox detection techniques
* Ability to write production-grade, reliable Python code with instrumentation that supports observability and monitoring of performance and errors
* Experience developing software using Docker containers
* Experience developing web browser automation
* Experience analyzing network traffic for threat detection and a solid understanding of TLS, HTTP, and other network protocols used by malware
* Willing and able to work independently and collaboratively as part of a distributed team of security researchers
* Ability to perform the above in a fully remote work environment
Nice to have
* Experience with C and C++
* Experience developing Windows API hooks and researching undocumented Windows API internals
* Experience writing malware behavior signatures
* Some experience analyzing malware using a debugger and willingness to learn
* Experience with statically reverse engineering malware using IDA Pro, Ghidra, Binary Ninja, or similar tools
* Ability to interpret forensic output from dynamic analysis (sandbox) environments
* Experience with various malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)
Additional Information
* Travel 1% - 10% (flexible) mainly for team collaboration or security conferences
* Location: Remote (Canada, US, Argentina, UK, Ireland, Germany, France, Switzerland)
* Must be able to work during business hours local to your time-zone
Why Proofpoint
We are a customer-focused, award-winning organization with leading-edge products. We hire the best and cultivate a culture of collaboration and appreciation. We are a multinational company with locations in many countries, contributing to Proofpoint’s culture.
Why Proofpoint? An exceptional career experience includes a comprehensive compensation and benefits package. Here are a few reasons you’ll love working with us:
* Competitive compensation
* Comprehensive benefits
* Learning & Development opportunities
* Flexible work environment (remote options, hybrid schedules, flexible hours)
* Annual wellness and community outreach days
* Recognition for your contributions
* Global collaboration and networking opportunities
Our Culture: We value belonging, purpose, and success for everyone. If you need accommodation during the application or interview process, please reach out to accessibility@proofpoint.com.
How to Apply: Interested? Submit your application here https://www.proofpoint.com/us/company/careers. We can’t wait to hear from you!
Pay transparency and equity: Our compensation reflects the cost of labor across U.S. markets. The actual offer will be based on the candidate’s knowledge, skills, and experience. This role may be eligible for variable compensation and/or equity. Benefits include flexible time off, wellness programs, and a Work from Anywhere option.
Base Pay Ranges: SF Bay Area, NYC Metro Area; other regions as applicable. The ranges are indicative and can vary by location.
#J-18808-Ljbffr