Threat Intelligence Researcher

Summary

Join SecurityScorecard's Threat Research team as an experienced threat hunter/threat researcher. You will lead or play a major role in tracking active campaigns from threat actors, automating data collection using Python, maintaining knowledge of APTs and ransomware, publishing research reports, and training others. The ideal candidate possesses 2-5 years of security research experience, including threat actor hunting, and fluency in a high-level programming language like Python. Experience with threat intelligence platforms and excellent communication skills are essential. SecurityScorecard offers a competitive salary, stock options, health benefits, unlimited PTO, parental leave, and tuition reimbursements.

Requirements

• Has at least 2-5 years of experience in security research broadly, including hunting threat actors (criminals or nation states), with specific technical experience (analysis of campaigns, malware involved, command and control (C2) servers, and CVEs exploited)
• Analysis of campaigns and actors extends beyond data breaches and traditional attacks (e.g. DDoS, public leaked credentials to network access) to sophisticated, nation-state or cybercrime-driven campaigns
• Fluent in at least one high-level programming language (Python, Go, Ruby, JavaScript, etc.) and ability to use the experience to automate threat hunting and threat intelligence gathering activities (in Threat Research we use Python on a daily basis)
• Experience working with threat intelligence platforms such as MISP and related analysis systems such as Splunk, VirusTotal Intelligence Graph Explorer, Silobreaker, or other commercial tools for analyzing our data

Responsibilities

• Track active campaigns from major threat actors both known and unknown against public, private, and government entities and automate collection of data on these topics
• Write automation code in Python to collect new in-house developed threat intelligence data that will be consumed by upstream teams and products
• Maintain knowledge of Advanced Persistent Threat (APT), ransomware, and major cybercrime Tactics Techniques and Procedures(TTPs)
• Write and publish reports and then share with the security research community through our partnerships
• Teach and train others in the company on the tactics and methods of tracking advanced threats
• Provide threat context and integration support to multiple SecurityScorecard products, customers, and sales architects
• Analyze technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, and pivot to related threat data
• Identify and hunt for emerging threat activity across all internal/external sources
• Establish standards, taxonomy, and processes for threat modeling and integration
• Perform threat research and analysis during high-severity cyber-attacks impacting SecurityScorecard customers globally

Preferred Qualifications

• Experience with C and/or Assembly or another low level programming language that ties into development of exploits for software, firmware, and hardware products
• Experience with producing and consuming data from streaming platforms such as Confluent Kafka, which we use internally to centralize all our threat intelligence data for consumption by upstream products
• Functional understanding of vulnerabilities and related exploit code, capable of writing automation and detection for various CVEs
• Experience in developing automation to statically and dynamically analyze malware and subsequent campaigns
• Experience with reverse engineering using IDA, Radare, Ghidra or another malware analysis program as well as working knowledge of debuggers such as Olybdg and hopper

Benefits

• Competitive salary
• Stock options
• Health benefits
• Unlimited PTO
• Parental leave
• Tuition reimbursements