Principal Security Researcher

Summary

Join Huntress, a fully remote global cybersecurity team, as a Security Product Researcher. You will lead security capabilities, investigate identity compromises, hunt threat actors in Google environments, and test attack paths. Responsibilities include developing security products, analyzing technology, and documenting research findings. You will collaborate with Product, Engineering, and Security teams to deliver impactful features. The ideal candidate possesses expert skills in accessing and testing Google data, knowledge of Google vulnerabilities, and experience building exploit proofs of concept. Huntress offers a competitive salary, benefits, and a remote work environment.

Requirements

• Expert skills in accessing & testing Google data without console or native Google tools
• Expert knowledge of Google logs & APIs
• Experience bypassing Google security controls, performing account takeover, bypassing MFA & attacking Google tech stack
• Experience building exploit proofs of concept (POC)
• Expert knowledge of Google vulnerabilities & threats with the ability to emulate attacks in a test lab created by you
• Innovator builder mindset – you are not afraid to build in the open and share the ugly early versions of your work using feedback to iterate your research & learning
• Can toggle between red team, systems administration & defender roles
• Expert skills operating across multi-tenant environments, especially supporting MSPs, Google Workspace editions, and business plans, with the ability to maximize value across business plan levels
• Can translate between GCP, Google Workspace & Google security products

Responsibilities

• Lead the security Capabilities we bring to market, owning the layered defense strategy gained by combining multiple data sources
• Investigate identity compromises such as account takeover, session hijacking, and credential theft, to convert attacker behavior into threat detection and identity security product capabilities
• Hunt threat actors in Google environments to discover attacker initial access, abuse, and persistence
• Test attack paths. Go beyond disclosing vulnerabilities and misconfigurations to developing requirements for security products that shut out attackers
• Safely & ethically test exploitation of vulnerabilities, misconfigurations, and attack paths that result in developing reliable and weaponized Proof-of-Concept (PoC) exploits for identified vulnerabilities
• Identify telemetry that confirms malicious activity with high confidence, even when little or no environment baselines exist
• Analyze and reverse engineer technology to discover security weaknesses and undocumented features
• Distinguish between suspicious and malicious login events to reach the highest accuracy true positive rate
• Conduct research and development efforts to further threat detection and security posture
• Document research findings through technical write-ups, advisories, internal reports, and blogs
• Identify improvement opportunities in existing product features and explore new ones based on feedback from partners, prospects, peers, and industry publications
• Elevate and nurture the cross-department relationships critical for successful product delivery & launch
• Build high-trust, high-value relationships with product leads
• Proven organizational and program management skills, with keen attention to detail and a sense of urgency to deliver an exceptional product under tight deadline pressures
• Eagerness to engage, report, and be accountable to executive stakeholders
• Passion to translate your expertise in nontechnical ways to deliver impactful security outcomes that protect the 99%
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Educate the public on how to be security savvy in novel and fun ways

Preferred Qualifications

• Understanding of how MSPs utilize IT automation tools such as PSAs and RMMs
• Experience with conducting searches and creating visualizations in Elastic and Kibana
• Security conference presenters and community educators

Benefits

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth