Job Specifications
Job Description
Lead Threat Researcher
About The Role
A Lead Threat Researcher - Security is both a cybersecurity expert and an experienced detections developer for endpoint, network or cloud. They research and curate alerts and reports for their surface area. They look at new and emerging threats to identify the investments we should be making to improve our threat detection capabilities. A Lead Threat Researcher is both a security expert in their source area and an experienced software developer. They have a strong security engineering and software development background that has a track record of developing high quality vulnerability and security posture management/analysis tooling and content for network, endpoint, and cloud. They look at new and emerging threats to identify the investments we should be making to improve our managed risk capabilities. Their overarching goal is to help us make security better for our clients every day. This role works with team members, Product Management, Security Services and various other specialists to continuously improve the coverage and efficiency of our MDR solution.
A Lead Threat Researcher is responsible for providing the team technical direction to deliver high value detection capabilities. The Lead Threat Researcher will provide technical and security guidance and direction to their team through the entire development lifecycle. They will also provide guidance on best practices for performing research and developing detections. This is different from a Team Lead. The Team lead is responsible for leading the team and projects that team works on.
Responsibilities Include
Research and develop expertise in the various threat surfaces and telemetry available for them
Work closely with technical leadership across the Security Products team and the company to drive and deliver on longer term outcomes as well as immediate threats
Propose coverage and efficacy improvements to the detection surface
Work with team members to develop novel detections and continuously tune existing ones
Participate in the full software development life cycle
Build well-designed, testable, efficient and secure code
Build runbooks, reports and supporting material for detection surface
Document research findings and knowledge share with team and other departments
Troubleshoot, educate, and share information with non-technical people
Contribute to the growth and mentorship of other team members
Detailed knowledge in the inner workings of vulnerability scanners such as Qualys, Rapid7, Tenable, etc.
Experience with identifying product and market changes and needed analysis/detection coverage changes in your existing sources
History of identifying product and market changes and needed analysis/detection coverage changes in your existing sources
Experience with coding, preferably in python
Ability to troubleshoot, educate, and share information with non-technical people
We value a culture of sharing, so every team has the opportunity to share their work with the entire department during our monthly R&D Demos. Once a year we hold a department-wide Hackathon, teaming up across all R&D teams over four days to collaborate and build cool ideas outside the normal project scope. While innovation is the focus, some of these ideas do make it into our products.
About You
We use and train a variety of technologies in MDR. You should have a deep understanding of the basic workings of a security operation center. As a lead developer you bring a diverse knowledge base that you use to help the team solve complex technical and security problems.
Expert in the development of security products/systems with a focus on 3 or more of the following key areas:
SIEM detections
NDR/IPS/IDS detections/signatures
EDR detections/signatures
Sigma and Yara rules
Cloud security detections
Development of anomaly and behavioural based detections
Tuning and optimization of detections for all the above
Expert in at least two of the following Development Languages & Methodologies:
Python, Go, Java, and C/C++
Test Driven Development
Full understanding and use of DevOps methods/tooling
Full understanding/application of secure development practices
Cloud Development: AWS, Azure, and GCP using Kubernetes/Containers, IaaS, and key PaaS services
Agile (SCRUM/Kanban)
Expert In Following Security Tooling
NGFW (PAN, CISCO, Fortinet, etc.)
Open Source IPS/IDS/NSM (e.g. Bro/Zeek/Suricata)
SIEMs and Security Analytics platforms (e.g. Elastic, Open Source Big Data Stacks, Splunk, etc.)
In addition, you have proven leadership experience from previous projects, regardless of title held. You have the ability to perform programming tasks and large engineering projects with Independence and expertise. You will be responsible for guiding and mentoring other staff members and will regularly lead technical projects. You have a high level of mastery over software development best practices and building reusable design patterns.
You have
About the Company
Every year new technologies, vendors, and solutions emerge--yet despite this constant innovation, high-profile breaches are all over the headlines.
In response, organizations have scrambled to develop a better security posture, but the dizzying array of options leaves resource-constrained IT and security leaders wondering how to proceed.
Enter Arctic Wolf, the market leader in Security Operations.
Using the cloud-native Arctic Wolf Aurora Platform, we help organizations end cyber risk by providing security operations as a...
Know more