Network Threat Researcher

The Opportunity

The successful candidate will report to the Manager of Tactical Threat Response and be responsible for end-to-end threat detection in our MDR for Network service.  The Tactical Threat Response (TTR) team creates proprietary security content, network rules to detect threats, and runbooks to streamline investigations. TTR is made up of dedicated security experts that manage the entire content creation process, which is informed by observations from our Security Operations Center (SOC), outputs from the other teams within the Threat Response Unit (TRU) and the MITRE ATT&CK framework. The TTR team manages the security content development roadmap to ensure our services keep up with the threat landscape.

Responsibilities

• Identifying, organizing, and processing new novel detection techniques
• Triaging new detectors
• Detector development
• Deployment and Support
• Ongoing tuning and maintenance
• Network Threat Detection subject matter expert

Desired Skills

• Threat Modeling: Understand how adversaries will attack network/cloud infrastructure, what their goals may be, and where detection opportunities exist
• Security Data Analysis and Analytics: Identify patterns and anomalies in logs, packet captures, system events, and other relevant security data, apply analytics, and create actionable detections
• Investigation Theory: Ability to take an alert and define repeatable investigation steps that support a security outcome
• Threat Hunting: Understand adversary behavior, develop a hypothesis, design hunts, and interpret the results
• Process oriented: Experience understanding, following, updating, and creating repeatable instructions for day-to-day activities
• Independent self-starter: Experience independently generating ideas, developing a plan, and executing on that plan

Requirements

• Experience interpreting and writing Suricata rules

• Understanding and experience with network attacks, adversary goals, and investigating incidents using network data
• Experience analyzing network data and developing rules that may require you to use regex, YARA, Sigma, or any other enterprise grade technology or formats
• Experience threat hunting using session data or raw PCAP
• Experience documenting investigation strategies or developing incident reports
• Knowledge of attacker tactics, techniques, and procedures and understanding of how these activities manifest in network data
• Knowledge of operating systems and networking
• Knowledge of Incident Response and Forensics applied to network data
• Experience in testing security signatures in controlled environments to ensure accuracy and minimize false positives
• Familiarity with relevant industry compliance standards (e.g., PCI DSS, HIPAA, GDPR) and the ability to develop signatures to meet compliance requirements
  
  

Preferred Qualifications

• Proficiency in programming and scripting languages (e.g., Python, Perl, PowerShell) to automate signature development and testing
• 3+ years of relevant work experience in network security
• Familiarity with packet capture tools such as Wireshark and tcpdump for in-depth analysis of network traffic
• Certified Information Systems Security Professional (CISSP), or any relevant intrusion detection and network security certifications