Sr/Threat Research Engineer
- Pune, India
VMware Carbon Black, the leader in advanced threat protection, is seeking a Threat Researcher. This is a mid-level position in Cyber Security, targeted toward individuals with more than 4 years of experience. Educational and personal experience with network/systems administration and/or information security related work is necessary. Expert understanding of modern defensive and offensive security tools, techniques and methods is required.
Threat Researchers at Carbon Black are responsible for leading, conducting and presenting threat research done by the Threat Analysis Unit (TAU). This includes a strong understanding of endpoint detection, cloud technologies, security operations, the current threatscape, and emerging threats. Threat Researchers are also expected to mentor other members of the team, take the lead in maturing procedures, evaluate new security technologies, and prototype and experiment with new ideas and technologies to improve both our product and services. An understanding of incident response or penetration testing processes is preferred.
You will be responsible for incident analysis, performing root cause analysis (RCA), authoring expert rules for threat detection, and threat research in general. You'll also be required to figure out the TTPs and map out an attack across the network, the endpoint, and any other relevant activity. In this role you'll play a significant part in shaping the product to attain high efficacy.
You should be passionate about threat research and willing to work closely with data engineers and scientists to build brain and muscle in VMware security products.
• Perform security research, handle complex security events, and coordinate with other teams.
• Work closely with internal and external customers for product and service improvements.
• Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.
• Dig through large scale data pipelines to help build a massively scalable, automatically updating Threat Intelligence Ecosystem.
• Research anomalies to uncover new threat actor groups, malware, vulnerabilities, tools, and techniques.
• Share data and expertise with private and public communities.
• Create custom rules for dissemination into the Carbon Black product suite.
• Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers' security postures.
• Manage and lead evaluations conducted by external third parties, including vulnerability assessments, product efficacy and penetration tests. Respond to reported product security vulnerabilities and bypasses.
• Serve as subject matter expert (SME) and tier three support for security team members as they manage security events and incidents.
• Be the voice of the Research team to Product Marketing and Engineering, enabling us to respond to real world customer demands and capabilities.
• Train and mentor security leaders and managers, security operations teams, threat intelligence groups and incident responders, including team members outside of the TAU group.
• Actively participate in the Carbon Black User-Exchange community as a subject matter expert, presenting in forums, online, and at conferences.
5-12 years of experience in threat analysis, incident response, SOC or research
Familiarity with administering or triaging Linux and macOS operating systems is a must
Experience working in a SOC environment is a huge plus
Familiarity with C/C++/Assembly language programming is a plus
Familiarity with MITRE ATT&CK™ framework is a plus
Bachelor's degree or higher in computer science is preferred, but relevant industry experience is OK
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.