Senior Cloud Security Threat Researcher

Remote

Red Canary


Who We Are

Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attack. Our combination of market-defining technology, processes, and expertise is preventing breaches every day. We are completely changing the way security is delivered and setting the new standard for security. If our mission resonates with you, let’s talk!

What We Believe In

  • Do what’s right for the customer
  • Be kind and authentic
  • Deliver great quality
  • Be relentless

Challenges You Will Solve

The Threat Research team is responsible for answering the question, “how do we detect this attack technique?” To answer this question confidently, you will apply a formalized research method resulting in the development of attack technique automation, documentation, and detection recommendations that scale across all of our customers. You will excel in this role as someone who applies an adversarial mindset, is familiar with Cloud services attack techniques, develops and validates research hypotheses, inhibits adversary success, and can communicate technical concepts in an accessible, succinct fashion.

There are many attack techniques targeting Cloud technologies that are abused by adversaries, and you will help prioritize our detection focus. You will become a technical subject matter expert on each technique you research, and you will effectively contextualize, communicate, and automate your work. You understand how to dive deep into cloud telemetry to develop robust detection strategies. In the absence of available telemetry, you will develop relationships with vendors and communicate proposed product enhancements. You also know how adversaries evade detections, and you will apply your extensive knowledge to anticipate and act on real and theoretical evasion opportunities. You’ve performed research in the past and understand its place in producing practical, operational deliverables. You ask really good questions, maintain focus, thrive in transforming ambiguity into confidence, and you are firmly grounded in reality.

What You'll Do

  • Scope research initiatives and continually refine scope as needed.
  • Write attack technique automation code. Your expertise is Cloud and SaaS focused; you will specifically develop code to automate attack techniques, similar in form to our AtomicTestHarnesses module.
  • Write test code to exercise attack technique coverage.
  • Research and analyze threats related to Cloud and SaaS service providers like AWS, GCP, Azure, Office 365, Okta, and Google Workspaces.
  • Analyze emerging cloud threats, their impact on customers, and data sources to detect attacker tradecraft.
  • Document and present your research findings and deliverables in an easy to understand, actionable manner both internally and externally.
  • Work closely with detection engineers and intelligence analysts to prioritize and refine your deliverables.
  • Apply an adversarial mindset to your research and detection engineering recommendations.
  • Serve as a technical mentor for those interested in pursuing research as a discipline and practice.
  • Work hard to understand the technical components and related detection optics that underlie a technique. In doing so, you will also comprehend the extent to which adversaries can exercise control over variations of the researched technique.
  • Collaborate across Red Canary to develop new detection methodologies.

What You'll Bring

  • 6+ years of experience conducting security research or threat research with actionable outcomes.
  • Experience working with commercial Endpoint Detection & Response (EDR) and/or Cloud-based detection platforms.
  • Software development experience in at least one scripting language (e.g. PowerShell, Python, etc.) and one compiled language (e.g. C, C++, Rust, etc.).
  • Security experience of at least one cloud service provider (e.g. AWS, GCP, Azure) and Cloud architectures.
  • Red Teaming / Pentesting experience of cloud services (e.g. AWS, GCP, Azure, Okta, O365).
  • Knowledge of container and Kubernetes attack surfaces and security practices.
  • Have an established record of public community engagement.
  • Experience managing code with git/GitHub.

Targeted base salary range: $145,000 - $205,000 + bonus eligibility and equity depending on experience.

Why Red Canary?

Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way.

At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary: https://resource.redcanary.com/rs/003-YRU-314/images/BenefitSummary2022forRecruiting.pdf
Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

Tags: Automation AWS Azure C Cloud EDR GCP GitHub Kubernetes Okta Pentesting PowerShell Python Rust SaaS Scripting Threat Research

Perks/benefits: Equity Salary bonus

Region: Remote/Anywhere