Senior Security Researcher

Summary

Join Huntress, a fully remote global cybersecurity team, as a Security Product Researcher. You will investigate and combat attacker behavior, develop security solutions, and collaborate with product, engineering, and security teams. This role requires expertise in Google Workspace security, incident response, and vulnerability analysis. You will also prototype telemetry data, analyze software, and document research findings. Huntress offers a competitive salary, comprehensive benefits, and a 100% remote work environment.

Requirements

• Knowledge and technical expertise in Google ecosystem including: logs, APIs, multi-tenant environments, especially supporting MSPs, Google Workspace editions, and business plans with the ability to maximize value across business plan levels, GCP; security products such as: Chrome Enterprise, BeyondCorp, Google Identity Premium, and Google Vault
• Experience configuring and leveraging Google Workspace organizational units (OUs), group permissions, settings & APIs, including Gmail, Drive, Calendar, Takeout, & Docs scripting engine
• Experience configuring and leveraging Google Workspace security policies, including SSO, two-factor authentication, password policies, and data loss prevention (DLP) to protect sensitive information
• Experience with Google Chronicle and/or Vault
• Experience managing security settings like configuring email security, spam filtering, malware detection, and phishing protection
• Expertise in implementing, managing, and bypassing SSO, MFA, and identity governance across complex organizational structures
• Red team experience, coursework, training, certifications
• Proof of Concept (POC) development
• Comfortable reading API documentation for SaaS applications and programming languages

Responsibilities

• Produce security Capabilities we bring to market, owning the layered defense strategy gained by combining multiple data sources and security strategies
• Investigate identity compromise, initial access, authentication logins, and subsequent access to understand, document & combat attacker behavior
• Hunt threat actors in Google Workspace, AuthN, AuthZ, OAuth, & token authentication audit logs to determine Google environment initial access, abuse, and persistence
• Test attack paths, exploitation of vulnerabilities, and misconfigurations. Hunt and solve for identity hijacking via discovering exploitation of vulnerabilities and misconfigurations. Convert vulnerability testing findings into reliable and weaponized Proof-of-Concept (PoC) exploits for identified vulnerabilities. Hack to FIX things. Know how to break in and devise innovative fixes. Discover technical innovations to protect against attacks. Rapidly operationalize prototypes in the open to collect fast feedback and iterate toward product success
• Identify and prototype telemetry data that can be leveraged within Huntress to expand current prevention, hardening, and detection capabilities
• Analyze and reverse engineer software to discover security weaknesses and undocumented features
• Distinguish between suspicious and malicious login events and user behavior to reach the highest accuracy true positive rate
• Document research findings through technical write-ups, advisories, internal reports, and blogs
• Elevate and nurture the cross-department relationships critical for successful product delivery & launch. Coordinate with Security, Product, and Engineering teams to integrate and operationalize security solutions. Build high-trust, high-value relationships with product leads
• Proven organizational and program management skills, with keen attention to detail and a sense of urgency to deliver an exceptional product under tight deadlines
• Eagerness to engage, report, and be accountable to executive stakeholders. Enthusiasm to give and receive radical candor, challenge and be challenged in high speed cross-company engagements with hunger to deliver excellence and minimal ego
• Promote your expertise and brand to generate impactful security outcomes for businesses and the security community via media interaction, conference presentations, public speaking, and blogs with a commitment to educating on how to be security savvy in novel and fun ways

Preferred Qualifications

• Experience with MSP environments and IT automation tools such as PSAs and RMMs preferred
• Security conference presenters and community educators preferred
• Incident responder in Google environment incidents a plus
• Experience with conducting searches and creating visualizations in Elastic and Kibana is a plus
• Experience with Identity and Access Management (IAM) concepts and tools a plus
• Google Workspace Administrator, Google Cloud, GRTE Certifications a plus
• Experienced Cyber Network Operator, Computer Network Operator, Cyber Technical Operator Targeter, or other similar career fields a plus

Benefits

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth