Proofpoint
Overview
Staff Security Research Engineer on Proofpoint’s Threat Research team, focused on tracking threat actors, malware, phishing, and TTPs, and developing software to detect and prevent threats for Proofpoint customers.

Your day-to-day
- Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
- Modify and extend the sandbox submission and report UI for Proofpoint threat researchers
- Some work requires writing C or C++ for low-level OS interactions
- Develop and maintain web browser interaction capabilities using Chrome WebDriver
- Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandboxed browsers or instrumentation, and develop solutions to defeat those checks
- Familiarity with analyzing web front-ends and the DOM
- Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
- Collaborate with threat analysts and detection engineers who research threat actors and write detection rules for the developed systems
- Create new detection languages and systems to help threat researchers develop detection rules
- Enhance threat detection languages to increase flexibility for threat researchers
- Apply AI Large Language Models where appropriate to enhance threat detection pipelines and testing
- Design and develop automation pipelines to turn manual tasks into automated scripts
- Stay abreast of a constantly evolving threat landscape and threat actor TTPs, including URL sandbox fingerprinting/detection/evasion techniques
- Provide expert assistance to threat researchers and analysts analyzing phishing websites and evasion techniques
- Support sandbox countermeasure development, reverse engineering malware executables for Windows as needed (primary reverse engineering responsibilities rest on other roles)
- Apply critical thinking to identify efficient ways to mitigate threats and evasions
- Work effectively in a remote team using chat, video, and conference calls
- Collaborate with other engineering teams, defining requirements for continuous improvement of detection capabilities

What You Bring To The Team
- A passion for threat research and a deep understanding of the security threat landscape and threat actor TTPs, especially evasion countermeasures and sandbox detection techniques
- Ability to write production-grade, reliable Python code with observability and monitoring
- Experience developing software using Docker containers
- Experience developing web browser automation
- Experience analyzing network traffic for threat detection, with a solid understanding of TLS, HTTP, and related protocols
- Willing and able to work independently and as part of a distributed team
- Ability to work fully remotely

Nice to have
- Experience with C and C++ is a plus
- Experience developing Windows API hooks and researching undocumented Windows APIs
- Experience writing malware behavior signatures
- Some experience analyzing malware with a debugger and willingness to learn
- Experience with static reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.) is a plus
- Ability to interpret forensic output from dynamic analysis (sandbox) environments
- Experience with various malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional Information
- Travel 1% - 10% (flexible) for team collaboration or security conferences
- Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
- Must be able to work during business hours local to your time zone

Why Proofpoint
We are a customer-focused, growth-oriented organization offering a comprehensive compensation and benefits package, with a multinational presence and a culture of collaboration.
- Competitive compensation
- Comprehensive benefits
- Learning & Development programs, leadership and professional development, projects, and mentoring
- Flexible remote/hybrid work environment
- Annual wellness and community outreach days
- Recognition for contributions
- Global collaboration and networking opportunities

Base Pay Ranges
- SF Bay Area, New York City Metro Area: 194,475.00 - 285,230.00 USD
- Other listed U.S. regions: 162,375.00 - 238,150.00 USD
- All other listed cities and states: 148,425.00 - 217,690.00 USD

Seniority level
Not Applicable

Employment type
Full-time

Job function
Engineering and Information Technology

Industries
Computer and Network Security and Software Development