Vectra

Security Researcher

Job Description

Posted on: September 4, 2023

Vectra AI’s Security Research Team represents the core security knowledge and research capability within the company – tasked with powering our leading-edge technologies and aiding customers. As a member of the Vectra AI Security Research team, you will be part of a highly experienced organization and respected authority on security threats and attack techniques.

Responsibilities

  • Research and understand attacker TTPs to remain current as a subject matter expert within Vectra
  • Research new threat detection technologies and investigate innovative approaches to finding attackers operating within customer environments
  • Collaborate across Vectra to identify, research, and develop new detection models – working hand-in-hand with members of data science, consulting services, and other product teams
  • Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification
  • Pursue security research topics that contribute to the knowledge and enumeration of new threats, tactics, and techniques in network, cloud, and hybrid environments
  • Provide an attacker's-eye view of the evidence presented by Vectra products and educate customers on the technical nature of the threat

Job Requirements

  • 3+ years of attack and penetration testing experience in a network environment; or
  • 3+ years direct experience in areas of security research, malware analysis, or incident response
  • Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies
  • Solid programming skills with scripting languages such as Python
  • Strong problem solving, troubleshooting and analysis skills
  • Excellent written and verbal communication skills
  • Excellent interpersonal and teamwork skills
  • Proactive, hard-working team player with a good sense of humor
  • Self-driven, able to efficiently work remotely without close supervision

Attack simulation experience:

  • Knowledgeable about the Tools, Techniques, and Procedures of advanced threat actors
  • Proficiency with common attacker and red team tools and frameworks: Cobalt Strike, Metasploit, Empire, Mimikatz, impacket, CrackMapExec, etc.
  • Ability to realistically recreate advanced threat actor TTPs within controlled environments

Network experience:

  • Knowledgeable in network and application protocols, and traffic analysis (network forensics)
  • Proficiency with network traffic analysis and network forensics tools such as Wireshark and tcpdump
  • Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
  • Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.
