Senior Security Researcher

Remote
Sorry, this job was removed at 6:52 a.m. (EST) on Tuesday, January 25, 2022

Devo, the cloud-native logging and security analytics company, empowers security and operations teams to maximize the value of all their data. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud. Headquartered in Cambridge, Mass., Devo is backed by Insight Partners, Georgian, and Bessemer Venture Partners. Learn more at www.devo.com.


A Senior Security Researcher at Devo teams with our data science and security content engineering teams to research and innovate the threat detection and incident response technologies that power the Devo product and ensure our customers stay ahead of the threat.

As a proven subject matter expert, a senior security researcher brings their deep knowledge and years of hands-on security experience to the table and joins with peer experts in machine learning, artificial intelligence, and protection engineering to craft advanced security solutions.

When not working on new detection technologies, a senior security researcher can expect to research new security topics, engage in bug-hunts, develop new tactics and techniques relevant to our product areas, and contribute to the community in a way that helps grow both personal and company brands.

Responsibilities:

  • Research and co-design new ways to detect potential threats and adversaries and guide the development of alerts and response for new security threats.
  • Research and understand attacker TTPs across enterprise environments and diverse technology platforms at the host, network, cloud, and identity level.
  • Team with experts in machine learning and artificial intelligence to innovate threat detection and automated response solutions.
  • Acquire, vet, and triage security datasets used by data science teams and help train new machine learning and behavioral anomaly detection systems.
  • Apply your expert insights and experience to identifying and classifying new attacks and threats, and to understanding the detection and mitigation techniques for problems that matter to our customers.
  • Use and grow your deep security knowledge to dive deep into the latest security threats and published research.
  • Advise Devo and customer SOC teams with alert integration and usage and help formulate future requirements for additional alerts.
  • Harness your deep security knowledge to preemptively identify potential weaknesses in the Devo platform.
  • Publish articles for circulation in the security community discussing newly discovered threats and how to protect against them.
  • Collaborate remotely with global security research, data science, and content engineering team members.

Qualifications:

  • 5+ years direct experience in areas of security research, threat analysis, threat intelligence, enterprise and cloud security management, or incident response
  • Knowledgeable in offensive security and/or incident response within large enterprise environments
  • Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
  • Proficiency with event log analysis within enterprise-grade hybrid and AWS/Azure/GCP environments
  • Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies
  • Knowledge of the MITRE ATT&CK Framework and well-known threat actor TTPs
  • Demonstrated experience with code management tooling such as Git, Github, Gitlab
  • High degree of comfort automating workflows using Python, open-source tools and APIs
  • Strong network security architecture knowledge
  • Strong problem solving, troubleshooting and analysis skills
  • Excellent written and verbal communication skills
  • Excellent interpersonal and teamwork skills - experienced working with team members in different time zones around the world
  • Proactive, hard-working team player that is self-driven and able to efficiently work remotely without close supervision
  • Ability to communicate deep technical issues or concerns to a non-security audience

Preferred Qualifications:

  • Familiar with Machine Learning and analytics technologies and experience working with engineering or data science teams
  • 2+ years of attack and penetration testing experience in hybrid cloud environments; or 2+ years of forensic investigation within large enterprise environments
  • System administrator knowledge and troubleshooting skills in Microsoft Windows and Linux.
  • Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.
  • Knowledgeable in network and application protocols, including traffic analysis proficiency with network forensics tools such as Wireshark and tcpdump
  • Knowledge and experience with workflow and collaboration tooling such as Atlassian, Jira and Confluence

  • Any industry-recognized certification such as Security+, CEH, CISSP, OSCP, etc., or having presented novel security research at a major international security conference (e.g., Black Hat, DEF CON, RSA, etc.)


Location

255 Main St Suite #702, Cambridge, MA 02142
