Job description
Vectra® is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises.
The Vectra Platform captures packets and logs across network, public cloud, SaaS, and identity by applying patented security-led AI to surface and prioritize threats for rapid threat response. Vectra's threat detections are powered by a deep understanding of attacker methods and problem-optimized AI algorithms. Alerts uncover attacker methods in action and are correlated across customer environments to expose real attacks. Organizations around the world rely on Vectra to see and stop threats before a breach occurs. For more information, visit www.vectra.ai.
Security Researcher
Position Overview
Vectra AI's Security Research Team represents the core security knowledge and research capability within the company – tasked with powering our leading-edge technologies and aiding customers. As a member of the Vectra AI Security Research team, you will be part of a highly experienced organisation and respected authority on security threats and attack techniques.
Serving in the role of Security Researcher, you will have a direct impact on the direction of the company by researching threats, understanding how they appear on the network and in the cloud, helping technically shape the product direction. Some of the specific responsibilities include:
- Perform leading edge security research for network based threats – systems analysis, APT threat modelling, tools assessment, network/protocol analysis, etc.
- Working directly with our Data Science colleagues, develop detection capabilities which will be incorporated into the product
- Participate in on-going efficacy testing of our detection capabilities, producing gap analyses, attack samples, remediation recommendations, and document findings for broad use across the company
Vectra offers the opportunity to be on the leading edge of cyber security – helping us grow a world-renowned security research organisation. As the researcher tasked with inventing and improving security detection technologies, you will be an integral part of our success.
When not working on new detection technologies, as a security researcher, you are expected to research new security topics, engage in bug-hunts, develop new tactics and techniques relevant to our product areas, and contribute to the community in a way that helps grow both your personal and company brands.
What You Will Do [Responsibilities]
- Research and understand attacker TTPs to remain current as a subject matter expert within Vectra
- Research new threat detection technologies and investigate innovative approaches to finding attackers operating within customer environments
- Collaborate across Vectra to identify, research, and develop new detection models – working hand-in-hand with members of data science, consulting services, and other product teams
- Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification
- Pursue security research topics that contribute to the knowledge and enumeration of new threats, tactics, and techniques in network, cloud, and hybrid environments
- Provide an attackers-eye-view to the evidence presented by Vectra products and educate customers to the technical nature of the threat
What Will You Need [Requirements]
- 3+ years of attack and penetration testing experience in a network environment; or
- 3+ years direct experience in areas of security research, malware analysis, or incident response
- Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies
- Solid programming skills with scripting languages such as Python
- Strong problem solving, troubleshooting and analysis skills
- Excellent written and verbal communication skills
- Excellent inter-personal and teamwork skills
- Proactive, hard-working team player with a good sense of humour
- Self-driven, able to efficiently work remotely without close supervision
- Attack simulation experience;
- Knowledgable of the Tools, Techniques, and Procedures of advanced threat actors
- Proficiency with common attacker and red team tools and frameworks: Cobalt Strike, Metasploit, Empire, Mimikatz, impacket, CrackMapExec, etc.
- Ability to realistically recreate advanced threat actor TTPs within controlled environments
- Network experience:
- Knowledgeable in network and application protocols, and traffic analysis (network forensics)
- Proficiency with network traffic analysis and network forensics tools such as Wireshark and tcpdump
- Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
- Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.
What Will Help You
- Professional or academic research in advanced security threats
- Operational experience in infosec as an incident handler/responder, red teamer, administrator, or internal consultant
- Experience with big data technologies
- Participation in the broader infosec community with requisite contacts and access to external intelligence sources
- Understanding the lifecycle and economics of modern malware and advanced threats
Vectra is committed to creating a diverse environment and is proud to be an equal opportunity employer.
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.