Staff Security Research Engineer

OverviewJoin to apply for the Staff Security Research Engineer role at Proofpoint.About Us: We are the leader in human-centric cybersecurity. We’re driven by a mission to stay ahead of bad actors and safeguard the digital world. Join us in our pursuit to defend data and protect people.How We Work: At Proofpoint, you’ll be part of a global team that breaks barriers to redefine cybersecurity, guided by our BRAVE core values: Bold in how we dream and innovate, Responsive to feedback, challenges, and opportunities, Accountable for results and best-in-class outcomes, Visionary in future-focused problem-solving, Exceptional in execution and impact.Corporate Overview: Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets and biggest risks. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. We support many Fortune 1000 organizations with people-centric security and compliance solutions across email, the cloud, social media, and the web. Protection Starts with People.ResponsibilitiesDesign and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the teamModify existing web-based UI for internal tools to maintain and extend the sandbox submission and report UI for Proofpoint threat researchersWrite C or C++ for low-level interactions with the OS as neededDevelop and maintain web browser interaction capabilities using Chrome WebDriverAnalyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox web browsers or instrumentation, and innovate solutions to defeat those checksFamiliarity with analyzing web front-end DOMDevelop and maintain software for processing network traffic, including TLS decryption and processing PCAP filesCollaborate with threat analysts and detection engineers who research threat actors and write detection rules that run on the systems you developAs needed, create new detection languages and systems for threat researchers to develop detection rulesAdd features to existing threat detection languages to enable greater flexibility for threat researchers to automate website interactions and detect threat patternsLeverage AI Large Language Models where appropriate to enhance threat detection pipelines, test evasion countermeasures, and decide when AI adds valueDesign and develop automation pipelines to turn manual tasks into automated scriptsStay abreast of a constantly evolving threat landscape and understand TTPs used by threat actors to bypass detection environmentsProvide expert assistance to threat researchers and analysts analyzing phishing websites and security research or red team demonstrations of new evasion techniquesAs needed, support sandbox countermeasure development and reverse engineering of malware executable files for Windows (primary malware reverse engineering responsibilities rest on other roles)Apply critical thinking to identify efficient ways to mitigate threats and evasionsCollaborate effectively as part of a remote team using chat, video, and conference callsWork with other engineering teams to define requirements for continuous improvement of critical detection capabilitiesWhat You Bring To The TeamAs a Security Research Engineer on Proofpoint’s Threat Research team, you’ll be part of a collaborative, industry-leading team focused on tracking threat actors, malware, phishing, and TTPs and responding to the changing threat landscape with software that detects and prevents threats from reaching Proofpoint customers. If you enjoy analyzing attacker techniques and using that knowledge to counteract threats with innovative software solutions, this is the role for you.A passion for threat research and a deep understanding of the security threat landscape and actor TTPs, especially countermeasures for evasions and sandbox detectionAbility to write production-grade, reliable Python code with instrumentation for observability and error monitoringExperience developing software using Docker containersExperience developing web browser automationExperience analyzing network traffic for threat detection with solid understanding of TLS, HTTP, and other network protocolsWillingness to work independently and as part of a distributed teamAbility to work in a fully remote environmentThe following skills and experience are nice to have: Experience with C and C++Experience developing Windows API hooks and researching undocumented Windows APIsExperience writing malware behavior signaturesSome experience analyzing malware using a debugger and willingness to learnExperience with static reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.) is a plusAbility to interpret forensic output from dynamic analysis (sandbox) environmentsExperience with various malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage)Additional InformationTravel 1% - 10% (flexible) mainly for team collaboration or security conferencesLocation: Canada (Remote), US (Remote), Argentina (Remote), UK (Remote), Ireland (Remote), Germany (Remote), France (Remote), Switzerland (Remote)Must be able to work during business hours local to your time-zoneWhy ProofpointWe are a customer-focused, innovative company with leading edge products. We offer a comprehensive compensation and benefits package, flexible work options, and opportunities for growth. We value collaboration and global teamwork and encourage applications from diverse backgrounds.Pay transparency and equity information is provided, including base pay ranges by location and notes on variable compensation and benefits. The actual offer will be based on the candidate’s experience.Base Pay RangesSF Bay Area, New York City Metro Area: 194,475.00 - 285,230.00 USDCalifornia (excludes SF Bay Area) and other specified states: 162,375.00 - 238,150.00 USDAll other cities and states: 148,425.00 - 217,690.00 USDSeniority levelNot ApplicableEmployment typeFull-timeJob functionEngineering and Information TechnologyIndustries: Computer and Network Security and Software DevelopmentReferrals increase your chances of interviewing at Proofpoint by 2xHow to ApplyInterested? Submit your application here: We can’t wait to hear from you#J-18808-Ljbffr