Staff Security Research Engineer

Proofpoint WorkFromHome

Job description:

Overview

We are Proofpoint, a leader in human-centric cybersecurity. We protect organizations and their people by stopping targeted threats and safeguarding data. We work globally with a BRAVE core value system guiding bold, responsive, accountable, visionary, and exceptional execution.

Your Role

Staff Security Research Engineer on Proofpoint’s Threat Research team. You’ll track threat actors, malware, phishing, and TTPs, and develop software to detect and prevent threats for Proofpoint customers.

Your day-to-day

  • Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
  • Modify existing web-based UI for internal tools to maintain and extend the sandbox submission and report UI for Proofpoint threat researchers
  • Write C or C++ for low level interactions with the OS as needed
  • Develop and maintain web browser interaction capabilities using Chrome web driver
  • Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox web browsers or instrumentation, and innovate solutions to defeat those checks
  • Familiarity with analyzing web front-end and the Document Object Model (DOM)
  • Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
  • Work closely with threat analysts and detection engineers who research threat actors and write detection rules which run on the systems you develop
  • As needed, create new detection languages and systems that allow threat researchers to develop detection rules
  • Add features to existing threat detection languages to allow greater flexibility by threat researchers to automate interactions with websites and detect threat patterns
  • Make use of AI Large Language Models as appropriate to enhance threat detection pipelines, produce samples to test evasion countermeasures, and decide when AI adds value
  • Design and develop automation pipelines to turn manual tasks into automated scripts
  • Stay abreast of a constantly evolving threat landscape
  • Understand the latest TTPs used by threat actors to bypass detection environments, especially URL sandbox fingerprinting, detection, and evasion techniques
  • Provide expert assistance and support to threat researchers and analysts as they analyze phishing websites, threat detection evasion techniques, and security research or red team demonstrations of new evasion techniques
  • Reverse engineer malware executable files for Windows as needed to support sandbox countermeasure development (primary responsibilities rest on other roles and are not expected regularly for this role)
  • Apply critical thinking to identify efficient and effective threat mitigation approaches
  • Work effectively as part of a remote team using chat, video chat and conference calls
  • Collaborate with other engineering teams to define requirements for continuous improvement of critical detection capabilities

What You Bring To The Team

  • A passion for threat research and a deep understanding of the security threat landscape and actor TTPs
  • Ability to write production-grade, reliable Python code with observability and monitoring of performance and errors
  • Experience developing software using Docker containers
  • Experience developing web browser automation
  • Experience analyzing network traffic for threat detection and solid understanding of TLS, HTTP, and other network protocols used by malware
  • Ability to work independently and as part of a distributed team
  • Ability to operate in a fully remote work environment

The following skills are nice to have, but candidates lacking them should still apply:

  • Experience with C and C++
  • Experience developing Windows API hooks and researching undocumented Windows API internal functions
  • Experience writing malware behavior signatures
  • Some experience analyzing malware with a debugger and willingness to learn
  • Experience with statically reverse engineering malware using IDA Pro, Ghidra, Binary Ninja, or similar tools
  • Ability to interpret forensic output from dynamic analysis (sandbox) environments
  • Experience with publicly available malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)

Additional Information

  • Travel 1% - 10% (flexible) for team collaboration or security conferences
  • Location: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)
  • Must be able to work during business hours local to your time zone

Why Proofpoint

We’re customer-focused with leading-edge products and a culture of collaboration and appreciation. We offer a comprehensive compensation and benefits package and opportunities for growth. We have a multi-national presence and encourage applications from diverse backgrounds.

  • Competitive compensation
  • Comprehensive benefits
  • Learning & Development with leadership and professional development programs
  • Flexible remote/work options
  • Annual wellness and community outreach days
  • Recognition of contributions
  • Global collaboration and networking opportunities

Our Culture

Our culture values belonging, purpose, and success for everyone. If you need accommodation during the application process, please contact


Job information

  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment type: Employee
  • Publication date: 04 Nov 2025
  • Location: WorkFromHome
