Sr Threat Engineer - EN

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! As a Senior Engineer, Threat Research, you will be part of a highly motivated and skilled engineering team that is responsible for the research, development, and delivery of detections in the Qualys on-demand security service. This opening in the Qualys Threat Research Unit (TRU) is your opportunity to work in the rapidly expanding field of computer security with a company with excellent customer ratings and outstanding growth rates. 

Qualifications:

• 5+ years of experience in a technical role in the areas of Detection Engineering, Security Operations, Threat Research or Security Research.
• Experience analyzing attacker techniques that leverage email and cloud-service tactics. 
• Skilled working with extremely large data sets, using tools and scripting languages such as: Excel, PowerShell, Python.
• Analyze and research emerging security events such as malwares, vulnerabilities and exploits.
• Collaboration skills with other teams in developing and adding cross-product intelligence.
• Working closely with Security Incident Response, Purple, Threat Intel, Red teams.

Responsibilities:

• BS/BA/MS degree in a relevant technical field, or equivalent experience.
• Knowledge to expand telemetry and detection coverage by developing additional logging pipelines and alerting and detection strategies.
• Experience with building, testing and deploying detection analytics based on research of novel attack techniques and real world threats.
• Understanding of kill-chain and security frameworks (MITRE ATT&CK, etc.)
• In-depth knowledge of adversary capabilities, infrastructure, and techniques.
• Knowledge of operating system internals, OS security mitigations. 
• In-depth knowledge of security logging for Linux, macOS, or Windows operating systems.
• Experience with Python and various scripting languages is desired.
• Vast knowledge of security content creation and industry standard alerting techniques.
• Experience with EPP/EDR technologies.
• Knowledge of networking and the TCP/IP stack.
• Develop tools to automate and scale detection and response activities.
• Knowledge of networking protocols and application file formats like PE, OLE files, and operating system internals
• Experience with curation of Threat Intelligence.
• Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks.
• Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models.