Compensation Overview

About The Role

Abnormal Security is seeking a Head of Threat Intel and Research to join the Security team. As a leading cybersecurity company, it is imperative we find, analyze, and report on threat actors and techniques and leverage that knowledge to enhance and improve our platform’s capabilities to catch new and novel attacks. This role will analyze attacks to identify new threat actors and provide analysis and content on these attacks to the overall cybersecurity community and Abnormal’s customers.  You will also be responsible for crafting and owning the processes uncovering novel threats, trends of attackers, profile threat actor groups, working closely with the product team to identify use cases and provide deep insight to the core platforms that Abnormal protects. The ideal candidate will have a bias toward execution, be willing to roll up their sleeves, can find the ‘needle in a haystack’, and be able propose solutions in a cross-functional, collaborative manner.  

About You

• Strong oral and written communication and presentation skills; the ability to quickly build rapport with internal and external stakeholders
• Proven track record of execution in building and leading a threat intel and research function for a cybersecurity product company
• Analytical skills, with the ability to identify patterns, trends, and anomalies in large and complex data sets
• Team player, collaborative work style
• High attention to detail, process, and organization
• Outstanding analytical skills and exercises good business judgment
• Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences
• Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment
• Operate within an agile environment, and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business

What You Will Do 

• Conduct research to support durable detection investments and improve customer experience. Research will include analysis of email threats, which are included but not limited to phishing attacks, Phishing as a service (PhaaS), spear phishing, business email compromise (BEC), and ransomware campaigns
• Research and investigate account takeover (ATO) attacks impacting cloud hosted email (M365, GWS), major SaaS platforms (Salesforce, ServiceNow, Workday), and cloud infrastructure platforms ( AWS, Azure, GCP). The ability to decompose and describe the techniques, tactics, and procedures (TTPs) attackers use to successfully execute these attacks
• Lead a matrixed team of SaaS product experts to guide and inform product development teams on attack techniques, secure posture of the platforms, and in-depth guidance on detecting and remediating attackswithin each platform
• Develop and maintain a comprehensive understanding of the evolving tactics, techniques, and procedures (TTPs) used by threat actors in email-based attacks. Stay current with industry trends, security vulnerabilities, and email security best practices to anticipate and counter emerging threats effectively
• Identify external sources of information that could improve email understanding, including domain data, IP data, and IOC feeds. Own the process of procuring and validating the usefulness of these tools in the threat hunting use case. 
• Produce collateral and output to the Abnormal Intelligence website + Jira/Confluence on a regular cadence
• Collaborate with Detection teams to investigate and analyze suspicious emails and campaigns, providing actionable insights and recommendations for detection and response
• Operate and mature an iterative Threat hunting cycle, which involves searching our data for threat trends and creating reports of these trends to inform Detection investment
• Own and operate a 30-60 minute "threat deep dive" process in which this individual walks the members of the engineering team through threats that have been missed
• Serve as the threat intel/email understanding expert in the room during “FN reviews” with the Message Detection (Machine Learning Engineering) team
• Analyze and assess platform postures and educate engineering on the risks and signals associated with risky posture settings
• Work closely with the content marketing team to publish findings, reports, and blog posts to help establish Abnormal as a thought leader and the ‘go to’ spot for the latest information on sophisticated social engineering, email, and ATO attacks

Must Have 

• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations
• 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns
• 3+ years of direct experience in security research, malware analysis, or incident response
• 2+ years working within the email threat landscape
• Experience working with and understanding phishing kits/PhaaS providers (e.g., Caffeine)
• Direct experience querying and analyzing large datasets (e.g., SQL, Python, KQL/Azure Data Explorer, Excel, PowerBI, etc.)
• Experience analyzing email headers and email/web security protocols
• Malware analysis (PE Files, Script Files, Office Files)
• Yara, RegEx, or comparable rule-writing experience
• Scripting languages (e.g., Python, PowerShell)
• Understand OWASP & MITRE ATT&CK framework
• For non-NAM candidates: must be willing to work NAM hours (around 3-5 meetings per week in NAM hours)

Nice to Have 

• Advanced degree in Computer Science, Engineering, or Cybersecurity
• OSCP, OSCE, or GPEN, GCIH, GCPN, GWAPT certifications
• Experienced with security assessment tools, including Nessus, OpenVAS, Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, Empire, Mimikatz, Impacket, etc.

#LI-RT1