Job Post

Threat Researcher - Product Innovation

Carbon Black
201 South Street
Boston, MA 02111

Carbon Black, the leader in advanced threat protection, is seeking a Threat Researcher. This is a mid-level position in Cyber Security, targeted toward individuals with more than 4 years of experience. Educational and personal experience with network/systems administration and/or information security related work is necessary. Expert understanding of modern defensive and offensive security tools, techniques and methods is required.

Threat Researchers at Carbon Black are responsible for leading, conducting and presenting threat research done by the Threat Analysis Unit (TAU) and for building systems used across our security program. This requires a strong understanding of endpoint detection, cloud technologies, security operations, the current threatscape and emerging threats. Threat Researchers are also expected to provide mentorship to other members of the team, and to take the lead in maturing procedures, evaluating new security technologies, incident response, penetration testing, and prototyping/experimenting with new ideas and technologies to improve both our product and services.

What You'll Do

  • Perform security research, handle complex security events, analyze incident response, and coordinate with other teams

  • Ensure that we are implementing best practice security policies that address the client's business needs while protecting their vital corporate assets

  • Work closely with internal and external customers for product and service improvements.

  • Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.

  • Dig through a large-scale data pipeline to help build a massively scalable, automatically updating Threat Intelligence Ecosystem.

  • Research anomalies to uncover new threat actor groups, malware, vulnerabilities, tools, and techniques.

  • Share data and expertise with private and public communities.

  • Create custom rules for dissemination into the Carbon Black product suite.

  • Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers' security postures.

  • Manage and lead evaluations conducted by external third parties, including vulnerability assessments, product efficacy and penetration tests. Respond to reported product security vulnerabilities and bypasses.

  • Serve as subject matter expert (SME) and tier three support for security team members as they manage security events and incidents.

  • Be the voice of the Research team to Product Marketing and Engineering, enabling them to respond to real-world customer demands and capabilities.

  • Train and mentor security leaders and managers, security operations teams, threat intelligence groups and incident responders including team members outside of the TAU group

  • Actively participate in the Carbon Black User-Exchange community as a subject matter expert, presenting in forums, online and at conferences.

Technical Skills / Experience:

  • Advanced skills in Windows, Linux, and/or OSX

  • Experience with a number of the following is a requirement: Unix Shell scripts, Perl, Python, PowerShell, C#

  • Endpoint Security (e.g. Carbon Black Protection, Carbon Black Response, Symantec, McAfee, Forefront)

  • Windows Management (e.g. WSUS, SCCM, SCOM, Active Directory, Group Policy Objects)

  • Vulnerability Management (e.g. Nexpose, Tenable Nessus, Qualys)

  • Penetration Testing Tools (e.g. Metasploit, Backtrack, Kali) and offensive techniques

  • Blue Team Detection Engineering (e.g. SIEM, Firewall, IDS, IPS, AntiVirus, EDR, etc.)

  • Operating Systems (e.g. Windows Desktops and Servers 2008/2012 etc, CentOS/Ubuntu/Debian Linux, OSX)

  • Ability to translate descriptions of attacks or malware techniques into proof of concept demonstrations for testing and product improvement.

  • Experience with building and/or managing large-scale virtualized attack firing ranges is a plus


What You'll Bring

  • Understanding of exploits and attacks against Windows, Linux and OSX systems.

  • Windows system internals experience

  • Knowledge of x86 and x64 instruction set architectures

  • Ability to use IDA Pro for reverse engineering, as well as other debuggers, hex editors, and disassemblers

  • Understanding defensive capabilities and how attackers bypass them

  • Understanding of anti-analysis techniques and how to work around them.

  • Experience creating and/or developing analysis environments

  • Ability to analyze malware and extract indicators and feed them back into the products

  • Understanding the threat landscape and latest attack techniques

  • Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plan. An ability to communicate these concepts to technical and non-technical audiences

  • Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats

  • Certifications a Plus: CISSP, SANS GIAC Certifications (GCIH, GPEN, GSEC, etc.), OSCP/OSCE

  • Strong written and verbal communication skills with an ability to present technical risks and issues to non-technical audiences

Why you should join us

Carbon Black is a leader in endpoint security dedicated to keeping the world safe from cyberattacks. With more than 5,000 customers, including 34 of the Fortune 100, the opportunities here are massive and exciting.

With 1,200+ employees, offices across the world, and the best-of-the-best tools for collaboration from anywhere, now is an ideal time to become part of the CB Team. See where you fit best at Lifeatcb.carbonblack.com.

Carbon Black, Inc. is an EEO/AA employer. Carbon Black is an inclusive employer that believes in workplace equality, supports diversity, creates a welcoming environment, and respects the unique qualities each individual brings to the company.

Category: Software Engineering/QA
Full-time
