Proofpoint
Overview
Staff Security Research Engineer

Your day-to-day role involves designing and developing software to track threat actors, malware, phishing, and TTPs; collaborating with threat researchers and detection engineers; and contributing to threat detection and automation efforts in a remote team environment.

Responsibilities
- Design and develop software using a variety of languages, primarily Python, with limited external guidance, while providing technical leadership to guide other software engineers on the team
- Modify and extend the sandbox submission and report UI for Proofpoint threat researchers
- Write low-level components in C or C++ for OS interactions where needed
- Develop and maintain web browser interaction capabilities using Chrome WebDriver
- Analyze and reverse engineer JavaScript that fingerprints web browsers to identify sandbox checks and develop countermeasures
- Analyze web front-end and DOM to support detection and research efforts
- Develop and maintain software for processing network traffic, including TLS decryption and PCAP processing
- Collaborate with threat analysts and detection engineers to research threat actors and write detection rules
- Create new detection languages and systems to enable researchers to develop rules
- Enhance existing threat detection languages to improve automation and detection workflows
- Apply AI/LLM concepts to threat detection pipelines where beneficial and appropriate
- Design and develop automation pipelines to turn manual tasks into automated scripts
- Stay current with the evolving threat landscape and actor techniques, including URL sandbox fingerprinting/detection/evasion
- Provide expert assistance to threat researchers analyzing phishing websites and evasion techniques
- Support sandbox countermeasure development and reverse engineering of Windows malware when required
- Use critical thinking to identify efficient ways to mitigate threats and evasions
- Collaborate with the remote team via chat, video, and conference calls
- Work with other engineering teams to continuously improve critical detection capabilities

What You Bring To The Team
- A passion for threat research and a deep understanding of the security threat landscape and actor TTPs, with a focus on evasions and sandbox detection
- Production-grade Python coding with observability and error monitoring
- Experience with Docker container development
- Experience with web browser automation
- Experience analyzing network traffic with TLS, HTTP, and related protocols
- Ability to work independently and as part of a distributed team
- Ability to work fully remote

Nice to Have
- Experience with C/C++
- Experience developing Windows API hooks and researching undocumented Windows APIs
- Experience writing malware behavior signatures
- Experience debugging malware and willingness to learn
- Experience with static reverse engineering using IDA Pro, Ghidra, Binary Ninja, or similar
- Ability to interpret dynamic analysis (sandbox) outputs
- Experience with multiple malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional Information
- Travel 1% - 10% (flexible) for team collaboration or security conferences
- Location: Remote in Canada, US, Argentina, UK, Ireland, Germany, France, Switzerland
- Must be able to work during business hours local to your time zone

Why Proofpoint
As a customer-focused, growth-oriented organization with leading-edge products, Proofpoint offers a comprehensive compensation and benefits package. We hire the best and cultivate a culture of collaboration and appreciation, with opportunities for global collaboration and career development.

- Competitive compensation
- Comprehensive benefits
- Learning and development programs, leadership and mentoring opportunities
- Flexible work environment including remote options and flexible hours
- Annual wellness and community outreach days
- Recognized contributions and global networking opportunities

Base Pay Ranges (illustrative):
- SF Bay Area / NYC Metro Area: 194,475.00 - 285,230.00 USD
- Other listed US regions: 162,375.00 - 238,150.00 USD
- All other locations: 148,425.00 - 217,690.00 USD

Actual offer depends on experience and location.