Proofpoint

Staff Security Research Engineer

Proofpoint, Jackson, Mississippi, United States, 39200

Proofpoint is seeking a Staff Security Research Engineer to join our Threat Research team. You will work on tracking threat actors, malware, phishing, and TTPs, developing software to detect and prevent threats for Proofpoint customers.

Overview

We are the leader in human-centric cybersecurity. We protect organizations worldwide and defend data and people against cyber threats.

Your day-to-day

- Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
- Modify existing web-based UI for internal tools to maintain and extend the sandbox submission and report UI for Proofpoint threat researchers
- Develop and maintain software in C or C++ for low-level OS interactions
- Develop and maintain web browser interaction capabilities using Chrome Web Driver
- Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox web browsers or instrumentation, and innovate solutions to defeat those checks
- Familiarity with analyzing web front-end and the Document Object Model (DOM)
- Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
- Collaborate with threat analysts and detection engineers to research threat actors and write detection rules for the systems you develop
- As needed, create new detection languages and systems for threat researchers to develop detection rules
- Enhance detection languages to allow greater flexibility for researchers to automate website interactions and detect threat patterns
- Apply AI Large Language Models where appropriate to enhance threat detection pipelines and assess when AI adds value
- Design and develop automation pipelines to turn manual tasks into automated scripts
- Stay abreast of a constantly evolving threat landscape and understand TTPs used by threat actors to bypass detection environments, including URL sandbox fingerprinting, detection, and evasion techniques
- Provide expert assistance and support to threat researchers and analysts in analyzing phishing websites and new evasion techniques
- Reverse engineer malware executable files for Windows as needed to support sandbox countermeasure development (primary malware reverse engineering responsibilities rest on other roles)
- Apply critical thinking to identify efficient and effective threat mitigations
- Work effectively as part of a remote team using chat, video, and conference calls
- Collaborate with other engineering teams to define requirements for continuous improvement of detection capabilities

What You Bring To The Team

As a Security Research Engineer on Proofpoint’s Threat Research team, you’ll join a collaborative, industry-leading team focused on tracking threat actors, malware, phishing, and TTPs to counter evolving threats with innovative software.

- A passion for threat research and a deep understanding of the security threat landscape and actor TTPs, especially countermeasures for evasions and sandbox detection
- Ability to write production-grade, reliable Python code with instrumentation for observability and monitoring
- Experience developing software using Docker containers
- Experience developing web browser automation
- Experience analyzing network traffic for threat detection with a solid understanding of TLS, HTTP, and other network protocols
- Willing and able to work independently and as part of a distributed team
- Ability to work in a fully remote environment

Nice to have

(candidates lacking these may still apply)

- Experience with C and C++
- Experience with Windows API hooks and researching undocumented Windows API functions
- Experience writing malware behavior signatures
- Experience analyzing malware with a debugger and willingness to learn
- Experience with static reverse engineering using IDA Pro, Ghidra, Binary Ninja, or similar
- Ability to interpret forensic output of dynamic analysis (sandbox) environments
- Experience with malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional Information

- Travel 1% - 10% (flexible) for team collaboration or security conferences
- Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
- Must be able to work during business hours local to your time zone

Why Proofpoint

Proofpoint offers a comprehensive compensation and benefits package, a flexible work environment, and global collaboration opportunities. We’re committed to growth and development, with programs for leadership and professional development, mentoring, flexible time off, wellness and community days, and recognition for contributions.

- Competitive compensation
- Comprehensive benefits
- Learning & Development opportunities
- Flexible work environment
- Wellness and community days
- Recognition for contributions
- Global collaboration and networking

Our Culture

Our culture is rooted in belonging and purpose. If you need accommodation during the application process, please reach out to accessibility@proofpoint.com.
