Proofpoint
Overview
Staff Security Research Engineer at Proofpoint.

About Proofpoint: We are a leader in human-centric cybersecurity. We protect organizations worldwide with an integrated suite of cloud-based solutions that stop targeted threats and safeguard data. We work with customers across industries to mitigate risks related to email, the cloud, social media, and the web.

Your Day-to-Day

- Design and develop software in a variety of languages, primarily Python, with little external guidance, while providing technical leadership to other software engineers on the team
- Maintain and extend the web-based UI of internal tools, including the sandbox submission and report UI used by Proofpoint threat researchers
- Work in C or C++ for low-level OS interactions as needed
- Develop and maintain web browser interaction capabilities using Chrome WebDriver
- Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox browsers or instrumentation, and devise solutions that defeat those checks
- Analyze web front-end code, which requires familiarity with the DOM
- Develop and maintain software for processing network traffic, including TLS decryption and PCAP file processing
- Collaborate with threat analysts and detection engineers to research threat actors and write detection rules for the systems you develop
- Create new detection languages and systems that enable threat researchers to develop detection rules as needed
- Enhance existing threat detection languages to allow greater automation for threat researchers
- Evaluate and apply large language models (LLMs) to enhance threat detection pipelines where beneficial, with awareness of their potential drawbacks
- Design and develop automation pipelines that turn manual tasks into automated scripts
- Stay abreast of the evolving threat landscape and attacker TTPs
- Understand the TTPs threat actors use to bypass detection environments, especially URL sandbox fingerprinting, detection, and evasion techniques
- Provide expert assistance to threat researchers and analysts analyzing phishing websites and evasion techniques
- Reverse engineer Windows malware executables as needed to support sandbox countermeasure development (primary malware reverse engineering responsibilities rest with other roles)
- Apply critical thinking to identify efficient and effective threat mitigation strategies
- Collaborate effectively as part of a remote team via chat, video, and conference calls
- Coordinate with other engineering teams to continuously improve critical detection capabilities

What You Bring To The Team

- A passion for threat research, a deep understanding of the security threat landscape and threat actor TTPs, and experience developing countermeasures for evasion and sandbox detection
- Production-grade Python coding skills, including observability for performance and error monitoring
- Experience deploying and working with Docker containers
- Experience with web browser automation
- Experience analyzing network traffic for threat detection, with a solid understanding of TLS, HTTP, and related protocols
- Ability to work independently and as part of a distributed team
- Ability to work remotely

The following skills are nice to have, but candidates lacking them should still apply:

- Experience with C and C++
- Experience developing Windows API hooks and researching undocumented Windows API internals
- Experience writing malware behavior signatures
- Some malware analysis and debugging experience, and a willingness to learn
- Experience with static reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.); expert level not required
- Ability to interpret dynamic analysis (sandbox) forensic output
- Experience with multiple publicly available malware sandboxes (e.g., Cuckoo, Joe Sandbox, ANY.RUN, Triage)

Additional Information

Travel: 1% - 10% (flexible) for team collaboration or security conferences
Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
Must be able to work during business hours local to your time zone

Why Proofpoint

We are customer-focused and driven to win, with leading-edge products and a culture of collaboration and appreciation. We offer comprehensive compensation, benefits, and development opportunities. We support remote options and provide a global network for collaboration and growth.

- Competitive compensation
- Comprehensive benefits
- Learning and development programs
- Flexible work environment (remote options, hybrid schedules, flexible hours)
- Wellbeing and volunteer days
- Recognition for contributions
- Global collaboration and networking opportunities

How to Apply: Submit your application through Proofpoint Careers. We can't wait to hear from you!