Principal Security Researcher, TLM

HUMAN was founded in 2012 in a Brooklyn sci-fi bookstore by Tamer Hassan, Michael Tiffany, Dan Kaminsky, and Ash Kalb. Our humble beginnings led to the creation of the Human Verification Engine, the backbone of all our products that protect enterprises from sophisticated bots. Today we verify the humanity of more than 15 trillion interactions per week for some of the largest companies and internet platforms across the internet. 
Our hacker roots still permeate everything we do. You will be a part of the HUMAN front line in our commitment to helping protect companies (and in turn, their customers) from both revenue and reputation risk caused by malicious bots. However, HUMAN is not the center of this story. Humans like yourself are. We firmly believe in putting people first. This approach spans our extensive benefits and day-to-day culture in order for every human to do the best work of their life. We want to hear about the marathon you’re training for. We want to see pictures of your pets. We want to know your favorite robot (we have many). 
The HUMAN R&D team is pivotal to our mission to protect the heart of the internet by disrupting the economics of cybercrime. They are the ones uncovering and fighting bot operations like PARETO, ICEBUCKET, 3ve, and Methbot. HUMAN supports our R&D humans by strongly valuing deep work and flexibility. Company-wide meeting-free Fridays give you uninterrupted time to work on your projects. Additionally, this team is encouraged to participate in R&D Research Friday - a designated half-day each week dedicated to trying new ideas and personal career development. HUMAN is fully committed to flexible working arrangements, or as we call it, work from anywhere, anytime. All of this is to ensure our humans are able to do the best work of their lives. 
We want to work with people like you who break down problems to build up better solutions. That’s what makes us HUMAN.  Our reverse engineering team is responsible for diving deep into the rabbit holes of botnets and fraud. We keep a keen eye on the latest threats while also trying to predict the next move in ad fraud. Massive-scale cyber crime relies on infected hosts. By dissecting and analysing the malware involved in this we’re able to pivot and dismantle whole operations. Fast and agile, we try to automate as much as we can of the boring tasks so we can focus on boldly going where no analyst has gone before.
You will need a keen edge in order to discern between a developer that just doesn’t know how to implement an application and another one that’s keen on committing fraud. Our work can bring down a whole company, so with great power comes great responsibility. You’ll need to be familiar with various programming languages and app development  best practices as well as having bash as your second language.

What you will do:

• Open Source/Closed Source investigations of frauds/threats with a high understanding of Operational security 
• Answer the technical questions, such as: Why is this app doing so much traffic out of nowhere in the middle of the night? Why is it pretending to be a desktop browser? This automated login, was it with or without user consent? Are users being exploited and their data exfiltrated?
• Continuously monitoring and investigating the open internet, darknet, and private forums for bot related activities 
• Network & Data analytics to understand bot-related activities 
• Come up with new ways of sifting through global-scale telemetry
• Come up with new tools that automate signal and lead generation for identifying new strains of bots
• Look through our proprietary internal information leading to new bot-insights 
• Explain what a certain IoC means to less savvy people in order for them to better conceptualize a threat. Create the “ground truth” insights that data science teams need to connect the dots between IoCs seen in sandboxes, and traffic telemetry seen in the wild
• Scour the ad tech ecosystem and the realms of e-commerce, financial services, and online media for new ways in which fraudsters might abuse them

Who you are:

• You are an expert in OSINT research and threat hunting.
• You have an expertise in analyzing, tracking and explaining threat incidents and indicators.
• You are skilled in writing technical reports and blogs.
• You’re enthusiastic about analyzing desktop, ctv & mobile (iOS/Android) frauds/threats.You’re no stranger to static/dynamic analysis .
• You are a hacker and find a safe way to accomplish tasks and defeat hurdles. 
• You are a proficient scripter/automator in JS, python, sh etc. (one or more).
• You understand the internet (mobile & web) ecosystem.
• You are a cybersecurity professional with understanding in operation and prevention of various prevailing & potential frauds.
• You enjoy working with more junior team members and enabling them for success
• You are self motivated, own responsibilities, and enjoy working with a team of diverse skill & culture.
• You have published technical blogs/papers or presented in research forums.

Life at HUMAN:
HUMAN prides itself on being an equal opportunity workplace. We firmly believe in putting people first regardless of who you are, where you come from, how you identify, or who your favorite robot is (we have many). We are on a mission to protect the integrity of the internet for everyone, so we welcome all individuals to come to share their unique experiences and perspectives as we fight against cybercrime together!With Humans located in all parts of the world, we’ve fully embraced our diversity of thought and are always looking for innovative ways to connect with one another - even in virtual reality! Although New York City is our HQ, with teams in London, Virginia, and Victoria, we trust our Humans in choosing where they work and how they work. The benefits package we provide reflects our remote-first culture and our commitment to our Humans’ personal career development, which includes annual stipends for home office setup, wellbeing, and learning & development. We also offer weekly lunches, flexible time off, no-meeting Fridays, HUMAN days, sabbatical programs, and so much more.We’re constantly trying to anticipate the needs of our Humans to ensure each one of us is equally prepared to do some of the best work of our life. Taking care of one another is part of the HUMAN experience and how we build true HUMAN connections.
If you are an individual with a disability or special need that requires accommodation, please contact us directly.