Threat Researcher

    • Boston, MA



Job Description

Job Role and Responsibility

· Perform security research, handle complex security events, and coordinate with other teams

· Ensure that we are implementing best practice security policies that address the client's business needs while protecting their vital corporate assets

· Work closely with internal and external customers for product and service improvements.

· Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.

· Dig through large scale data pipelines to help build a massively scalable, automatically updating Threat Intelligence Ecosystem.

· Research anomalies to uncover new threat actor groups, malware, vulnerabilities, tools, and techniques.

· Share data and expertise with private and public communities

· Create custom rules for dissemination into the Carbon Black product suite.

· Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers' security postures.

· Manage and lead evaluations conducted by external third parties, including vulnerability assessments, product efficacy and penetration tests. Respond to reported product security vulnerabilities and bypasses.

· Serve as subject matter expert (SME) and tier three support for security team members as they manage security events and incidents.

· Be the voice of the Research team to Product Marketing and Engineering, enabling us to respond to real-world customer demands and capabilities.

· Train and mentor security leaders and managers, security operations teams, threat intelligence groups and incident responders including team members outside of the TAU group

· Actively participate in the Carbon Black User-Exchange community as a subject matter expert, presenting in forums, online, and at conferences.



Required Skills

· Advanced skills in Windows, Linux, and/or OSX

· Experience with a number of the following is a requirement: Unix shell scripts, Python, PowerShell, Go, C#

· Endpoint Security (e.g. Carbon Black Protection, Carbon Black Response, Symantec, McAfee, Forefront)

· Windows Management (e.g. WSUS, SCCM, SCOM, Active Directory, Group Policy Objects)

· Vulnerability Management (e.g. Nexpose, Tenable Nessus, Qualys)

· Penetration Testing Tools (e.g. Metasploit, Backtrack, Kali) and offensive techniques

· Blue Team Detection Engineering (e.g. SIEM, Firewall, IDS, IPS, AntiVirus, EDR, etc.)

· Operating Systems (e.g. Windows desktops and Windows Server 2008/2012, CentOS/Ubuntu/Debian Linux, OSX)

· Ability to translate descriptions of attacks or malware techniques into proof of concept demonstrations for testing and product improvement.

Preferred Skills

· Experience with building and/or managing large scale virtualized attack "firing ranges"

· Windows system internals experience

· Knowledge of x86 and x64 instruction set architectures

· Ability to use IDA Pro for reverse engineering, as well as other debuggers, hex editors, and disassemblers

· Previous Incident Response or Penetration Testing experience



What You'll Bring

· Understanding of exploits and attacks against Windows, Linux and OSX systems.

· Understanding defensive capabilities and how attackers bypass them

· Understanding of anti-analysis techniques and how to work around them.

· Experience creating and/or developing analysis environments

· Ability to analyze malware and extract indicators and feed them back into the products

· Understanding the threat landscape and latest attack techniques

· Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plans, and an ability to communicate these concepts to technical and non-technical audiences

· Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats

· Certifications a plus: CISSP, SANS GIAC certifications (GCIH, GPEN, GSEC, etc.), OSCP/OSCE

· Strong written and verbal communication skills with an ability to present technical risks and issues to non-technical audiences



VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.