Threat Research Engineer
LogRhythm is a world leader in NextGen Security Information and Event Management (SIEM), empowering organizations to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. Our platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. Among other accolades, LogRhythm is positioned as a Leader in Gartner’s SIEM Magic Quadrant. We are based in Boulder, CO with offices in Maidenhead UK, Dubai, Australia, Singapore, Germany and The Netherlands.
We are looking for a Principal Threat Research Engineer that will help drive the R&D efforts of the LogRhythm Labs team; taking threat research (attackers and their tactics, techniques, and procedures) and turning that into actionable intelligence for our SIEM. This critical role offers the opportunity to join the fastest growing private SIEM solution provider and join a team whose production continues to have a significant impact on the growth of LogRhythm.
This position gives you the ability expand your career in Incident Response (forensics, malware analysis), Threat Intelligence, and Penetration Testing. You’re primarily responsible for enabling our customers to better protect, detect, and respond to damaging threats. This is an opportunity to work with the most advanced SIEM solution in the world to develop content that operationalizes threat intelligence.
- Develop content, analytics and detection around threat actor’s tactics, techniques & procedures that is deliverable through our knowledge base updates.
- Research and test new attacker techniques, detection, mitigation and remediation strategies against LogRhythm products.
- Develop content that leverages LogRhythm product features to quickly and efficiently detect and respond to security events
- Maintain LogRhythm threat detection content for delivery to customers
- Analyze and investigate malicious files, create actionable intelligence from analysis results.
- Investigate and track cyber adversaries through open source and other threat intelligence.
- Be an active member in the intelligence community through presentations, blogging, forum participation, whitepapers and other dissemination techniques.
- Be a subject matter expert in threat research; staying ahead of the latest attacks, breaches, methods, and trends used in real world compromises
- Assist the internal security team with analysis and response to advanced security threats.
- 3+ years of educational and/or industry experience.
- Deep technical understanding of computer operating systems, computer hardware, software, and network infrastructure.
- Experience using computer security, forensic and threat intelligence tools.
- Understanding of vulnerabilities, exploits and the latest attack vectors.
- Knowledge of IT infrastructure and its role in security; hands-on experience with host, network, and user technologies, to include the analytics that drive them.
- Incident response experience, in which you performed in-depth forensics analysis against network data, system data, log data, and other malicious files.
- The ability to communicate your ideas via written and verbal communications such as writing blog posts and creating webinar content for delivery to customers.
- Experience writing program code and interfacing with web service APIs.
- Demonstrable experience with one or more of the following:
- Python, PowerShell, Bash, PHP, HTML, .NET, C#
- Security Certifications are nice to have but not required. A few recommended ones:
- OSCE, OSCP, GXPN, GMON, GPEN, GWAPT, GREM, GCIH, CISSP, etc.
- Experience using SQL and Elasticsearch databases a plus.
- Experience with Cloud Security Architecture and Distributed Computing a plus.
LogRhythm is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.
LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyberthreats. The company’s patented award-winning platform unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration (SAO) and advanced security analytics. In addition to protecting customers from the risks associated with cyberthreats, LogRhythm provides compliance automation and assurance, and enhanced IT intelligence.
Among its many industry accolades, LogRhythm has been positioned as a Leader in Gartner’s SIEM Magic Quadrant, received SC Labs’ “Recommended” rating for SIEM and UTM for 2017 and won “Best SIEM” in SANS Institute’s “Best of 2016 Awards.”