We have a fantastic opportunity here at Sophos Labs for a Threat Researcher to join our global team of behavior-based detection engineers, to hunt, to research, and to add real-time detection for suspicious activity across our customer environments.
Our team of skilled security experts combines its passion for detecting and disrupting cyber-attacks with the capability to develop classification rules that cut through the noise of modern computing environments to tease out attackers' nefarious activities.
You are intrinsically motivated to understand the core logic behind malware and hacking attacks, to find and predict new ways attackers will modify their techniques, and you take great satisfaction in developing robust detection logic that is immune to evasive actions.
You will be responsible for writing rules that can flag both early and late-breaking IOCs that highlight customers under attack; these rules are the foundation of Sophos' next-gen approach.
Above all - you enjoy thinking creatively; combining your deep technical knowledge, your tenacity for innovation, and your can-do attitude to solve complex and challenging problems on a daily basis.
As a TTP Detection Engineer, your problem domain will be:
Accurate and efficient classification of malicious and suspicious behavior
Mapping IOCs to the MITRE ATT&CK matrix
Key Responsibilities
Author classification rules, for both Endpoint and Cloud scenarios, to identify malicious and suspicious use of TTPs
Analyze real-world kill chains to discover new TTPs and gaps in coverage
Measure and tune TTP coverage through data mining of customer telemetry and internal sandbox feeds
Build and maintain playbooks on threat actor TTPs
Skills & Experience
Strong knowledge of the Windows operating system, its internals and forensic tools
Programming experience (Python/Lua)
Excellent grasp of MITRE ATT&CK tactics, techniques and simulation
Familiarity with computational cost analysis and problem solving to minimize impact
Bachelor's degree in Computer Software (Computer Security preferred)
Big data experience (Elasticsearch, Kibana, Redshift)
What's Great About Sophos
Our people - we innovate and create, all of which are accompanied by a great sense of fun and team spirit
Employee-led diversity and inclusion networks that build community and provide education and advocacy
Annual charity and fundraising initiatives and volunteer days for employees to support local communities
Global employee sustainability initiatives to reduce our environmental footprint
Global fitness and trivia competitions to keep our bodies and minds sharp
Global wellbeing days for employees to relax and recharge
Monthly wellbeing webinars and training to support employee health and wellbeing
Job Classification
Industry: IT Services & Consulting
Functional Area: IT Services & Consulting
Role Category: Pharmaceutical & Biotechnology
Role: Research Scientist
Employment Type: Full time