Devo Technology is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo Technology is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Mass., Devo Technology is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com

Devo Technology is proud to be recognized as a Great Place to Work®.

The Security Content Researcher is often considered one of the most important roles within the Devo Technology organization. Your mission is to ensure Devo Technology and our customers are adequately protected from ongoing security threats.

RESPONSIBILITIES:

● Use and grow your deep security knowledge to dive deep into the latest security threats and published research.

● Help improve the Devo platform by designing new ways to detect potential threats and adversaries and guide the development of alerts and response to known security threats.

● Advise Devo and customer SOC teams with alert integration and usage and help formulate future requirements for additional alerts.

● Write and maintain custom scripts to increase system efficiency and lower the human intervention time on any tasks.

● Harness your deep security knowledge to preemptively identify potential weaknesses in the Devo platform.

● Publish articles for circulation in the security community discussing newly discovered threats and how Devo can help protect against them.

● Collaborate remotely with the global security research and content engineering team members.

● Evangelize security to our customers.

REQUIREMENTS:

• Ability to communicate deep technical issues or concerns to a non-technical audience
• Strong understanding of the MITRE ATT&CK Framework and well-known threat groups TTP's
• Experience with EDR solutions.
• Knowledge of operating systems.
• Ability to create attack scenarios, and adapt and execute software on these scenarios.
• Experience in evaluating the events that occurred during an attack.
• Demonstrated experience with source code management software (SCM) such as Git, Github or Gitlab
• Ability to set up virtualized environments and exploit those environments
• At least 2+ years of experience conducting penetration tests or blue/purple -teaming against them
• A high degree of comfort with automating workflows using PYTHON, open source tools, and APIs
• Strong network security architecture knowledge. Best practices, OSI model, protocols, architectures, etc.
• Self-starter that's experienced working with team members in different time zones around the world
• Strong and confident communicator (written and verbal English)

Desired:

• Previous experience in a SOC
• Previous experience working with engineering teams.
• Familiarity with Jenkins or other CI/CD environments.
• Experience and technical administrative familiarity with multiple OS and cloud stacks.
• Knowledge and experience with workflow and collaboration toolings such as Atlassian Jira and Confluence
• Familiar with Machine Learning and analytics technologies (BigML, H2O…).
• Passion and hands-on security experience are preferred, but industry-recognized security certifications (such as Security+, CEH, CISSP, OSCP, etc.) are ok if you're transitioning from another technical engineering field to becoming a security researcher. Passion and talent trump certifications!
• Presented your own novel security research at a major security conference? (e.g., Blackhat, DEFCON, RSA, etc.) You're awesome – we want you!