• Perform leading edge security research for network based threats – systems analysis, APT threat modeling, tools assessment, network/protocol analysis, etc.
• Work directly with our Data Science teams, developing detection capabilities which will be incorporated into the product
• Participate in on-going efficacy testing of our detection capabilities, producing gap analyses, attack samples, remediation recommendations, and document findings for broad use across the company
• Research and understand attacker TTPs to remain current as a subject matter expert within Vectra
• Research new threat detection technologies and investigate innovative approaches to finding attackers operating within customer environments
• Collaborate across Vectra to identify, research, and develop new detection models – working hand-in-hand with members of data science, consulting services, and other product teams
• Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification
• Pursue security research topics that contribute to the knowledge and enumeration of new threats, tactics, and techniques in network, cloud, and hybrid environments
• Provide an attackers-eye-view to the evidence presented by Vectra products and educate customers to the technical nature of the threat

Required Qualifications

• Passion for cyber security
• 5+ years of attack and penetration testing experience in a network environment; or
• 5+ years direct experience in areas of security research, malware analysis, or incident response
• Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies
• Solid programming skills with scripting languages such as Python
• Strong problem solving, troubleshooting and analysis skills
• Excellent written and verbal communication skills
• Excellent inter-personal and teamwork skills
• Proactive, hard-working team player with a good sense of humor
• Self-driven, able to efficiently work remotely without close supervision
• Attack simulation experience
• Knowledgeable of the Tools, Techniques, and Procedures of advanced threat actors
• Proficiency with common attacker and red team tools and frameworks: Cobalt Strike, Metasploit, Empire, Mimikatz, impacket, CrackMapExec, etc.
• Ability to realistically recreate advanced threat actor TTPs within controlled environments
• Network experience
• Knowledgeable in network and application protocols, and traffic analysis (network forensics)
• Proficiency with network traffic analysis and network forensics tools such as Wireshark and tcpdump
• Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
• Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.

Preferred Qualifications

• Professional or academic research in advanced security threats
• Operational experience in infosec as an incident handler/responder, red teamer, administrator, or internal consultant
• Experience with big data technologies
• Participation in the broader infosec community with requisite contacts and access to external intelligence sources
• Understanding the lifecycle and economics of modern malware and advanced threats

NA