Threat Researcher at VMware Carbon Black
Why You MatterCarbon Black, the leader in advanced threat protection, is seeking an Associate Threat Researcher. This is an entry level position in Cyber Security, targeted towards individuals with at least 1 year of working experience in cyber security or related 4-year educational and/or personal experience with network/systems administration and/or information security related work. Intermediate understanding, at a minimum, of modern defensive and offensive security tools, techniques and methods is required.
Threat Researchers at Carbon Black are responsible for leading, conducting and presenting threat research performed by the Threat Analysis Unit (TAU) and building systems used across our security program. This includes a basic understanding of endpoint detection, cloud technologies, security operations, current threat landscape and emerging threats. Threat Researchers are also expected to provide mentorship to other members of the team, and take the lead in documenting and improving procedures, evaluating new security technologies, incident response, penetration testing, and prototyping/experimenting with new ideas and technologies to improve both our product and services.
What You’ll Do
Perform security research, handle complex security events, analyze attacks, create detections, and coordinate enhancements with other teams
Ensure that we are implementing best practice security policies that address the client's business needs while protecting their vital corporate assets
Work closely with internal and external customers for product and service improvements.
Take ownership or support ongoing projects by assisting in the implementation, research, testing, and documentation of security related projects.
Parse through large scale data pipelines to help build a massively scalable Threat Intelligence Ecosystem.
Research anomalies to uncover new threat actor groups, malware, vulnerabilities, and TTPs.
Share and present data and expertise with private and public communities both online and at conferences.
Create custom rules for dissemination into the Carbon Black product suite.
Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers’ security postures.
Championing the Research team to Product Marketing and Engineering, enabling them to respond to real world customer demands and capabilities.
Actively participate in the Carbon Black User-Exchange community, presenting in forums, online and at conferences.
Technical Skills / Experience:
Intermediate skills in Windows, Linux, and/or OSX
Experience with at least one of the following is a requirement: Unix Shell scripts, Python, Powershell, C#
Endpoint Security (e.g. Carbon Black Protection, Carbon Black Response, Symantec, McAfee)
Penetration Testing Tools (e.g. Metasploit, Cobalt Strike, Empire, Kali) and other offensive techniques
Experience and working knowledge of the MITRE ATT&CK framework
Blue Team Detection Engineering (e.g. SIEM, Firewall, IDS, IPS, AntiVirus, EDR, etc.)
Familiarity with basic fundamentals of Operating Systems (e.g. Windows Desktops and Servers 2008/2012 etc, CentOS/Ubuntu/Debian Linux, OSX)
Ability to translate descriptions of attacks or malware techniques into proof of concept demonstrations for testing and product improvement.
Experience with building and/or managing large scale virtualized attack “firing ranges” a plus
What You’ll Bring
Understanding of exploits and attacks against Windows, Linux and OSX systems
Understanding defensive capabilities and how attackers bypass them
Experience creating and/or developing analysis environments
Ability to analyze malware and extract indicators and feed them back into the products
Understanding the threat landscape and latest attack techniques
Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plan. An ability to communicate these concepts to technical and non-technical audiences
Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats
Certifications a plus: Sec+, CISSP, SANS GIAC Certifications (GCIH, GPEN, GSEC, etc.) OSCP/OSCE
Strong written and verbal communication skills with an ability to present technical risks and issues to non-technical audiences
A positive attitude and eagerness to learn
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.