Senior Security Researcher, SIEM

About The Position

Requirements

• Understand various log types + how they correlate to attacker tradecraft
• Deployed and matured SIEM technology (vendor agnostic, preferred)
• Performed successful threat hunting in SIEM platforms with particular focus on top security vendor log sources
• Developed proofs of concept & set up attack simulation environments to generate logs and text attack paths
• Experience working in a SOC
• Built a metrics-driven tuning program
• Executed coverage gap analysis
• Skilled at translating current trends in cybersecurity for both technical and non-technical audiences
• Skilled at translating MITRE TTPs to Customer value propositions
• Skilled at researching emerging tradecraft
• Experience triaging business email compromise, performing initial access root cause analysis, incident + threat analysis, with the ability to build a SIEM log detection strategy

Responsibilities

• Define the value of a log. Not all log sources have equal security value, and not all logs from a single source hold the same value. You will support the processing strategy for our SIEM product to extract maximum security value from the narrowest set of logs
• Support the security Capabilities we bring to market, implement the layered defense strategy gained by combining multiple log sources
• Lead various vendor log source detection strategies + implementation
• Hunt threat actors to discover attacker initial access, abuse, and persistence
• Test attack paths. Develop high-efficacy detections & security product requirements that shut out attackers
• Safely & ethically test exploitation of vulnerabilities, misconfigurations, and attack paths that result in developing reliable and weaponized Proof-of-Concept (PoC) exploits for identified vulnerabilities
• Identify telemetry that confirms malicious activity with high confidence, even when little or no environment baselines exist
• Distinguish between suspicious and malicious login events to reach the highest accuracy true positive rate
• Conduct research and development efforts to further threat detection and security posture
• Document research findings through technical write-ups, advisories, internal reports, and blogs
• Ensure Huntress SIEM alerts are highly accurate and customer-accepted. We strive for 99% accuracy for critical alerts
• Collaborate with the Principal Researcher to deliver unified SIEM outcomes
• Build high-trust, high-value product leads and cross-department relationships critical to successful product delivery & launch
• Proven organizational skills with keen attention to detail and a sense of urgency to deliver exceptional outcomes under tight deadline pressures
• Eagerness to engage, report, and be accountable to executive stakeholders
• Passion to translate your expertise in nontechnical ways to deliver impactful security outcomes that protect the 99%
• Promote Huntress’ reputation through media interaction, public speaking, and blogs
• Educate the public on how to be security savvy in novel and fun ways

Benefits

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth