Proofpoint

Staff Security Research Engineer

Proofpoint, Pierre, South Dakota, United States, 57501


Overview

Staff Security Research Engineer at Proofpoint. Proofpoint is a leading cybersecurity company protecting organizations from threats to people. We serve a global customer base and seek to defend data and users against evolving cyber threats.

Your day-to-day

- Design and develop software using a variety of languages, primarily Python, with limited external guidance, while providing technical leadership to guide other software engineers on the team
- Modify and extend the sandbox submission and report UI for Proofpoint threat researchers
- Write low-level code in C or C++ for OS interactions as needed
- Develop and maintain web browser interaction capabilities using Chrome WebDriver
- Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox checks; innovate countermeasures
- Analyze web front-ends and the Document Object Model (DOM)
- Develop and maintain software for processing network traffic, including TLS decryption and PCAP processing
- Collaborate with threat analysts and detection engineers to research threat actors and write detection rules
- Create new detection languages and systems to enable threat researchers to develop rules
- Enhance detection languages to automate website interactions and detect threat patterns
- Apply AI Large Language Models where appropriate to improve threat detection and decision-making
- Design automation pipelines to convert manual tasks into automated scripts
- Stay current with the evolving threat landscape and threat actor TTPs, especially URL sandbox fingerprinting, detection, and evasion techniques
- Provide expert support to threat researchers analyzing phishing websites and evasion techniques
- Support sandbox countermeasure development and reverse engineer Windows malware when needed (primary reverse engineering responsibilities rest on other roles)
- Utilize critical thinking to mitigate threats and evasions
- Collaborate with remote teams via chat, video, and conference calls
- Work with other engineering teams to improve critical detection capabilities

What you bring to the team

- A passion for threat research and a deep understanding of the security threat landscape and actor TTPs, including evasion and sandbox detection techniques
- Production-grade Python code with instrumentation for observability and reliability
- Experience with Docker containers
- Experience with web browser automation
- Experience analyzing network traffic and a solid understanding of TLS, HTTP, and related protocols
- Ability to work independently and as part of a distributed team
- Ability to work fully remotely

The following are nice-to-have (candidates without them should still apply):

- Experience with C and C++
- Experience developing Windows API hooks and researching undocumented Windows APIs
- Experience writing malware behavior signatures
- Experience analyzing malware with a debugger and willingness to learn
- Experience with static reverse engineering using IDA Pro, Ghidra, Binary Ninja, or similar tools
- Ability to interpret forensic output from dynamic analysis and sandbox environments
- Experience with malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional information

- Travel: 1%–10% (flexible) for team collaboration or security conferences
- Location: Remote in Canada, US, Argentina, UK, Ireland, Germany, France, or Switzerland
- Must be able to work during local business hours

Why Proofpoint

We offer a comprehensive compensation and benefits package, a collaborative culture, and opportunities for growth. Our benefits include flexible work options, wellness days, paid time off, and global collaboration opportunities.
