Threat Researcher - Opportunity for Working Remotely
Primary Location: Sacramento, California
VMware Carbon Black, the leader in advanced threat protection, is seeking a Threat Researcher. This is a mid-level position in Cyber Security, targeted toward individuals with more than 4 years of experience. Educational and personal experience with network/systems administration and/or information security related work is necessary. Expert understanding of modern defensive and offensive security tools, techniques and methods required.
Threat Researchers at Carbon Black are responsible for leading, conducting and presenting threat research done by the Threat Analysis Unit (TAU). This includes a strong understanding of endpoint detection, cloud technologies, security operations, the current threat landscape, and emerging threats. Threat Researchers are also expected to provide mentorship to other members of the team, take lead in maturing procedures, evaluate new security technologies, and preferably understand incident response or penetration testing processes, and prototype/experiment with innovative ideas and technologies to improve both our product and services.
Job Role and Responsibility
Perform security research, handle complex security events, and coordinate with other teams.
Create custom rules for dissemination into the Carbon Black product suite.
Ensure that we are implementing best practice security policies that address the client's business needs while protecting their vital corporate assets.
Work closely with internal and external customers for product and service improvements.
Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.
Dig through large scale data pipelines to update our Threat Intelligence Ecosystem.
Research anomalies to uncover new threat actor groups, malware, vulnerabilities, tools, and techniques.
Share data and expertise with private and public communities
Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of modern technologies to enhance our products and customers’ security postures.
Manage and lead evaluations conducted by external third parties, including vulnerability assessments, product efficacy and penetration tests. Respond to reported product security vulnerabilities and bypasses.
Serve as subject matter expert (SME) and tier three support for security team members as they manage security events and incidents.
Train and mentor security leaders and managers, security operations teams, threat intelligence groups and incident responders including team members outside of the TAU group
Actively participate in the Carbon Black User-Exchange community as a subject matter expert, presenting in forums, online, and at conferences.
Ability to translate attacks or malware techniques into proof-of-concept demonstrations for testing and product improvement.
Build and maintain detection and prevention capabilities within the Carbon Black platform.
Deep technical knowledge of the Windows operating system.
Experience with at least one of the following languages: Shell scripts, Python, PowerShell, Go, C#
Previous experience with Endpoint Security products (e.g., Carbon Black, CrowdStrike, Symantec, McAfee)
Familiarity with Enterprise IT Services such as Active Directory, Microsoft Exchange, Microsoft SCCM, Azure AD, IT Configuration Management Tooling
Leverage Carbon Black's platform and endpoint behavioral data to hunt for threats and disseminate that data to our Intel platform.
App Control (Carbon Black Protection) administration and practitioner experience.
Strong understanding of Windows system internals
Penetration Testing Tools (e.g., Metasploit, Cobalt Strike, and other popular C2 frameworks) as well as other offensive tooling
Yara rule authoring
Well versed in the MITRE ATT&CK Framework and how to leverage it in your day-to-day hunting and detection engineering work
Previous Incident Response or Penetration Testing experience
What You’ll Bring
· Understanding of exploits and attacks against Windows, Linux and OSX systems.
· Understanding defensive capabilities and how attackers bypass them
· Understanding of anti-analysis techniques and how to work around them.
· Ability to analyze malware and extract indicators and feed them back into the products
· Understanding the threat landscape and latest attack techniques
· Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plans. An ability to communicate these concepts to technical and non-technical audiences
· Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats
· Certifications a Plus: CISSP, SANS GIAC Certifications (GCIH, GPEN, GSEC, etc.) OSCP/OSCE
· Strong written and verbal communication skills with an ability to present technical risks and issues to non-technical audiences
This position is eligible for CarbonBlackUSA referral campaign
Category : Engineering and Technology
Subcategory: Software Engineering
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2021-06-04
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law. Job ID: R2109181