Senior Threat Researcher
Carbon Black via Stack Overflow
Jun 1st 2018
Why Carbon Black?
At Carbon Black, you'll have the chance to make an impact in the ever-evolving cybersecurity space. Our advanced technology tackles even the toughest challenges and stays ahead of the latest threats.
If you want to join an agile company that's building bleeding edge technology in the cloud, Carbon Black is the place for you. Driven by passionate people who are dedicated to making the world safer, it's no wonder we've been named a “Top Place to Work” by the Boston Globe for four consecutive years. Join us!.
Why You Matter
Carbon Black, the leader in advanced threat protection, is seeking a Senior Threat Engineer. This is a senior level position targeted toward individuals with more than 10 years of experience in software development.
Experience in software development, debugging, and testing - including in languages such as C++, C, python, assembly, and shell scripting is required. Understanding of modern defensive and offensive security tools, techniques and methods is also required. Educational and personal experience with network/systems administration and/or information security related work is necessary.
Senior Threat Engineers at Carbon Black are responsible for leading, conducting and presenting threat research done by the Threat Analysis Unit (TAU) and building systems used across our security program. This includes the strong understanding of endpoint detection, cloud technologies, security operations, current threatscape and emerging threats. Senior Threat Engineers will participate in the design, development, and deployment of tools to assist in threat research and security frameworks utilized by our products. Senior Threat Engineers are also expected to provide mentorship to other members of the team, and take lead in maturing procedures, evaluating new security technologies, incident response, penetration testing, and prototype/experiment with new ideas and technologies to improve both our product and services.
What You'll Do
- Actively work on current software development projects related to product enhancements and efficacy. Create new software tools for internal research and development.
- Design and implement software proof of concepts for emerging malware technique detections.
- Performs security research, reverse engineer malware, handle complex security events, and analyze incident response, and coordinating with other teams.
- Work closely with internal and external customers for product and service improvements.
- Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.
- Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers' security postures.
- Actively participate in the Carbon Black User-Exchange community as a subject matter expert, presenting in forums, online and at conferences.
Technical Skills / Experience:
- Experience with a number of the following is a requirement: C, C++, x86/x64 assembly, Python, Unix Shell scripts, Powershell
- Experience in participating in medium and large scale software development projects - from initial conception and design to final deployment.
- Experience with Java or C# is a plus
- Windows operating system internals (registry, APIs, kernel operations, forensic artifacts)
- Windows development of user mode applications using Visual Studio. Kernel development experience is a plus. Development on other platforms other than Windows is also a plus.
- Ability to translate descriptions of attacks or malware techniques into proof of concept demonstrations for testing and product improvement.
What You'll Bring
- Windows or other operating system internals experience
- Knowledge of x86 and x64 instruction set architectures
- Knowledge of user and kernel level debuggers and static analysis applications such as WinDbg, OllyDbg, x64dbg, Binary Ninja, or IDA Pro
- Ability to analyze malware, determine TTPs (tactics, techniques, and procedures) unique to threat actors, and extract indicators to feed back into the products
- Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats
- Certifications preferred: CISSP, OSCP/OSCE, SANS GIAC Certifications (GREM, GCFA, GCFE)
- Strong written and verbal communications skills with an ability to present technical risks and issues to non-technical audiences