*This is a hybrid role for San Jose, CA; Austin, TX or Boston, MA

Position Overview

Vectra AI’s Security Research Team represents the core security knowledge and research capability within the company primarily tasked with powering our leading-edge technologies and aiding customers. As a member of the Vectra AI Security Research team, you will be part of a highly experienced organization and respected authority on security threats and attack techniques.

Serving in the role of Sr. Security Researcher, you will have a direct impact on the direction of the company by researching threats, understanding how they appear on the network and in the cloud, helping technically shape the product direction. Some of the specific responsibilities include:

• Perform leading edge security research for network based threats – systems analysis, APT threat modeling, tools assessment, network/protocol analysis, etc.
• Working directly with our Data Science teams, developing detection capabilities which will be incorporated into the product
• Participate in on-going efficacy testing of our detection capabilities, producing gap analyses, attack samples, remediation recommendations, and document findings for broad use across the company

Vectra offers the opportunity to be on the leading edge of cyber security – helping us grow a world-renowned security research organization. As the researcher tasked with inventing and improving security detection technologies, you will be an integral part of our success.

When not working on new detection technologies, as a security researcher, you are expected to research new security topics, engage in bug-hunts, develop new tactics and techniques relevant to our product areas, and contribute to the community in a way that helps grow both your personal and company brands.

What You Will Do

• Research and understand attacker TTPs to remain current as a subject matter expert within Vectra
• Research new threat detection technologies and investigate innovative approaches to finding attackers operating within customer environments
• Collaborate across Vectra to identify, research, and develop new detection models – working hand-in-hand with members of data science, consulting services, and other product teams
• Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification
• Pursue security research topics that contribute to the knowledge and enumeration of new threats, tactics, and techniques in network, cloud, and hybrid environments
• Provide an attackers-eye-view to the evidence presented by Vectra products and educate customers to the technical nature of the threat

What Will You Need 

• Passion for cyber security
• 5+ years of attack and penetration testing experience in a network environment; or
• 5+ years direct experience in areas of security research, malware analysis, or incident response
• Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies
• Solid programming skills with scripting languages such as Python
• Strong problem solving, troubleshooting and analysis skills
• Excellent written and verbal communication skills
• Excellent inter-personal and teamwork skills
• Proactive, hard-working team player with a good sense of humor
• Self-driven, able to efficiently work remotely without close supervision
• Attack simulation experience;
•  Knowledgeable of the Tools, Techniques, and Procedures of advanced threat actors
• Proficiency with common attacker and red team tools and frameworks: Cobalt Strike, Metasploit, Empire, Mimikatz, impacket, CrackMapExec, etc.
• Ability to realistically recreate advanced threat actor TTPs within controlled environments
• Network experience:
• Knowledgeable in network and application protocols, and traffic analysis (network forensics)
• Proficiency with network traffic analysis and network forensics tools such as Wireshark and tcpdump
• Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
• Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.

What Will Help You

• Professional or academic research in advanced security threats
• Operational experience in infosec as an incident handler/responder, red teamer, administrator, or internal consultant
• Experience with big data technologies
• Participation in the broader infosec community with requisite contacts and access to external intelligence sources
• Understanding the lifecycle and economics of modern malware and advanced threats