Proofpoint
Overview
Staff Security Research Engineer – Proofpoint Threat Research team. Design and develop software to track threat actors, malware, phishing, and TTPs, and respond to the rapidly evolving threat landscape with innovative software that detects and prevents threats for Proofpoint customers.

What You'll Do
- Design and develop software using a variety of languages, primarily Python, with minimal external guidance, while providing technical leadership to guide other software engineers on the team
- Modify and extend the sandbox submission and report UI for internal tools used by Proofpoint threat researchers
- Write C or C++ for low-level OS interactions as needed
- Develop and maintain web browser interaction capabilities using Chrome WebDriver
- Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandboxed environments, and innovate countermeasures
- Familiarity with analyzing web front-ends and the DOM
- Develop and maintain software for processing network traffic, including TLS decryption and PCAP processing
- Collaborate with threat analysts and detection engineers to research threat actors and write detection rules for the systems you develop
- Create new detection languages and systems to enable researchers to develop detection rules
- Enhance threat detection languages to automate website interactions and detect threat patterns
- Apply AI/Large Language Models where appropriate to enhance threat detection pipelines, and evaluate when AI benefits the goals
- Design and develop automation pipelines to convert manual tasks into automated scripts
- Stay current with the evolving threat landscape and techniques used by threat actors, including URL sandbox fingerprinting/detection/evasion
- Provide expert assistance to threat researchers and analysts on phishing websites, evasion techniques, and red-team demonstrations as needed
- Support sandbox countermeasure development and, when needed, reverse engineer Windows malware executables (primary malware reverse engineering responsibilities rest on other roles)
- Apply critical thinking to identify efficient threat mitigation strategies
- Collaborate effectively in a remote team using chat, video, and conference calls
- Coordinate with other engineering teams to continuously improve critical detection capabilities

What You Bring To The Team
- A passion for threat research and a deep understanding of security threat landscapes and actor TTPs, especially countermeasures for evasions and sandbox detection
- Production-grade Python coding with instrumentation for observability and monitoring
- Experience with Docker-based development
- Experience with web browser automation
- Experience analyzing network traffic for threat detection, with a solid understanding of TLS, HTTP, and related protocols
- Ability to work independently and as part of a distributed team
- Ability to work remotely

Nice to have, but not required:
- Experience with C/C++
- Experience developing Windows API hooks and researching undocumented Windows APIs
- Experience writing malware behavior signatures
- Debugging malware and willingness to learn
- Statically reverse engineering malware with IDA Pro, Ghidra, Binary Ninja or similar tools
- Ability to interpret forensic output from dynamic analysis (sandbox) environments
- Experience with multiple malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional Information
- Travel 1% – 10% (flexible) for team collaboration or security conferences
- Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
- Must be able to work during business hours local to your time zone

Why Proofpoint
Proofpoint is a customer-focused cybersecurity leader protecting organizations against threats. We offer a comprehensive compensation and benefits package and opportunities for growth within a global, multi-national company that values collaboration and inclusion.

Base Pay Ranges
- SF Bay Area, New York City Metro Area: 194,475.00 – 285,230.00 USD
- Other listed U.S. metro areas: 162,375.00 – 238,150.00 USD
- All other cities and states: 148,425.00 – 217,690.00 USD

Seniority level: Not Applicable
Employment type: Full-time
Job function: Engineering and Information Technology
Industries: Computer and Network Security and Software Development

How to Apply
Interested? Submit your application here. We can't wait to hear from you!

Note: This description reflects Proofpoint's pay transparency and equity practices and may include ranges that vary by location and market. The final offer will be based on candidate qualifications and may include variable compensation or equity.