Senior Security Researcher

Ready to make an impact? Arctic Wolf seeks a Senior Security Researcher to join our pack.

Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity. How fast are we growing? Well, Arctic Wolf was highly ranked in the Deloitte Fast Technology 500 for North America in both 2019 (#25) and 2020 (#104)! We have doubled headcount, customers, and revenue for five years running.

We are also cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow our teams globally. In fact, we were named a 2021 Top Workplace USA (Energage) as the top technology firm to work in our size category, were recognized as one of the 2020 Best Places to Work (bizjournals.com), and most recently were certified as a 2021 Great Place to Work (Great Places to Work Institute, Canada).

Arctic Wolf believes in corporate responsibility, and our worldwide offices proudly participate in volunteer programs throughout their communities. We’ve also earned distinction from TravelWise for our efforts in promoting sustainable transportation.

About the Team

Arctic Wolf Labs is the research-focused division at Arctic Wolf focused on advancing innovation in the field of security operations. The mission of Arctic Wolf Labs is to develop cutting-edge technology and tools that are designed to enhance the company’s core mission to end cyber risk, while also bringing comprehensive security intelligence to Arctic Wolf’s customer base and the security community-at-large. Leveraging the more than two trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for performing threat research on new and emerging adversaries, developing advanced threat detection models, and driving improvement in the speed, scale, and detection abilities of Arctic Wolf’s solution offerings. The Arctic Wolf Labs team comprises security and threat intelligence researchers, data scientists, and security development engineers with deep domain knowledge in artificial intelligence (AI), security R&D, as well as advanced threat offensive and defensive methods and technologies.

About the Role

A Senior Security Researcher is a senior security subject matter expert in the areas of threat/malware analysis, vulnerability research, reverse engineering and advanced threat prevention/detection/analysis technologies and methods. You will work closely with stakeholders in our product management, Security Services, Threat Intelligence Research, Security Analytics, Managed Detection & Response (MDR), and Managed Risk (MR) teams to support our product development mandates including the development of advanced detections and vulnerability analysis for the endpoint, network and cloud domains. You will be involved in the development of our predictive threat defence systems/frameworks and will also participate in continually evaluating our security platforms against the latest threats and adversarial methods to identify gaps and research/prototype new solutions to address them.

Responsibilities Include:

• Analyze technical threats and data to research: TTPs, new ransomware/malware techniques, use of non-malicious tooling for attacks (e.g. LOL bins, penetration testing tools, etc.), and other adversarial methods.

• Develop and maintain threat/malware analysis tooling/methods

• Reverse engineering and analyzing novel threats/malware including evasions and the bypassing of protections

• Research and analyze emerging vulnerabilities and their possible exploitations with a focus on how to detect/prevent them in our MR and MDR services

• Provide research and subject matter expertise to S2 in support of advanced investigations and IR activities

• Mentor team members

Additionally, you will attend training, seminars or webinars that enhance your current knowledge base and skill set in order to improve job performance and efficiency. You will be expected to give external talks about your area of subject matter expertise at least once a year. 

We value a culture of sharing, so every team has the opportunity to share their work with the entire department during our monthly R&D Demos. Once a year we hold a department-wide Hackathon, teaming up across all R&D teams over four days to collaborate and build cool ideas outside the normal project scope. While innovation is the focus, some of these ideas do make it into our products.

About You

• Previous experience in advanced technical and analytical security roles -e.g. DFIR Analyst/Consultant, Security Engineer/Developer, or other equivalent/similar roles

• Prior experience in detections engineering using Yara/Sigma/Snort/Suricata and other pattern matching languages/rule sets

• Proficient in reverse engineering malware for Windows, Linux, and macOS

• Strong understanding of the following security tooling and methods (must have):

  • Open Source IPS/IDS/NSM/NDR (e.g. Bro/Zeek/Suricata)

  • Endpoint Security Monitoring/Event Analysis for Windows, Linux, and macOS (e.g. OSSEC, OSQuery, Sysmon, ETW, Windows Event Log, auditd, etc.)

  • Windows/Linux/macOS disk and memory forensics

  • Windows/Linux/macOS static and dynamic malware analysis with focus on highly evasive/complex threat agents

• Proficient in MITRE ATT&CK framework and its application in the development of detection methods

• Strong understanding of OS security hardening and controls for Windows (inclusive of Active Directory), Linux, and macOS

• Foundational understanding of the following security tooling and methods:

  • EDR tools for Windows, Linux, macOS (e.g. MS Defender ATP, SentinelOne, Carbon Black, CrowdStrike, etc.)

  • NGFW (PAN, CISCO, Fortinet, etc.)

  • SIEMs and Security Analytics platforms (e.g. Elastic, Open Source Big Data Stacks, Splunk, etc.)

• Ability to troubleshoot, educate, and share information with non-technical people

In addition, you may have demonstrated leadership experience from previous projects, regardless of title held. Even if you haven’t worked with all of our specific technologies, you bring a diverse knowledge base that you use to help the team solve complex technical problems.

Interview Process

The interview process is approximately as follows:

• Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.

• Technical assessment: A recruiter sends you a security research assessment to complete.

• Face-to-face interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to collaborate on a technical problem and talk more about past projects and your career goals. Approximately 1 hour per interview.

Security Requirements

• Conducts duties and responsibilities in accordance with AW’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AW business information assets.

• Must pass a criminal background check and an employment verification as a condition of employment.

Working at Arctic Wolf:

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and aiming to end cyber risk— we get to work in an industry that is fundamental to the greater good.

All wolves receive compelling compensation and benefits packages, including:

• Equity for all employees
• Paid parental leave
• Training and career development programs

If you're excited about this role, but do not meet all of the qualifications listed above, we still encourage you to apply. We review all applications and may yet consider you the right person for the role or have another open position where you’re the perfect fit.

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law.

Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment that ensures equal access and participation for people with disabilities. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.