Sr/Staff Threat Researcher

Remote (US/Canada)


Discover and solve cybersecurity, compliance and risk management challenges. Instantly rate and understand any company's security risk with SecurityScorecard.


About SecurityScorecard

SecurityScorecard is an industry-leading cybersecurity company backed by Google, Sequoia, and Riverwood. Our mission is to make the world a safer place. We measure your and your vendors' cyber-health by assigning a security rating of "A" through "F" based on outside-in, non-intrusive data. Our comprehensive security ratings, advanced data analytics, and actionable insights discover third-party vulnerabilities and security gaps in real time.

We are headquartered in NYC with 270+ employees globally, have raised over $110M USD, are used by 1,000+ enterprise customers, and rate 1.6 million companies. We have created a new category of enterprise software, and our culture has helped us be recognized as one of the 10 hottest SaaS startups in NY for two years in a row.

Our vision is to create a new language for companies and their partners to communicate, understand, and improve each other’s security posture.

About the team

The Threat research team within the Cyber Threat Research and Intelligence Group at SecurityScorecard drives both basic and applied security research that directly and indirectly contributes to the security posture of our customers. The team has several objectives, including tracking, investigating, and analyzing the latest advanced threats and campaigns affecting our customers and their vendors; the planning, software development, and design of threat data collection systems that produce signals which can automatically highlight active threats to customers or intrusions; and advising both internal and external stakeholders up to the C-level on their security risk posture as part of threat intel’s professional services.

The tight-knit SecurityScorecard Threat research team brings together staff with a combination of skills ranging from fundamental cyber threat intelligence gathering, software engineering, vulnerability analysis, Internet measurement, malware research, digital forensics, machine learning and data analysis, and networking and operating systems fundamentals that all together lead to the sourcing of active threats and data that can better help SecurityScorecard's customers protect their assets, understand their vendors, and educate their staff.

This team works in tandem with other teams in Cyber Threat Research and Intelligence, as well as teams outside it, including Data Science, Attribution, Scoring, and Data Analytics and Engineering. It also publishes and communicates research with the outside world through conferences, partnerships, and organizations like the Cyber Threat Alliance, CISA, ISACs, and the FBI.

What you will do

For this role, we are looking for an established and experienced threat hunter/threat researcher who is comfortable with ambiguity, has significant experience writing automation code to gather threat intelligence, has demonstrated expertise at the upper levels of the security community, and is self-driven and able to work in an environment where every day presents a new challenge.

The right candidate will be expected to lead and/or play a major role in the following activities:

  • Tracking active campaigns from major threat actors against public, private, and government entities and automating collection of data on these topics
  • Writing automation code in Python to collect new in-house threat intelligence data that will be consumed by upstream teams and products
  • Maintaining knowledge of APT, ransomware, and major cybercrime TTPs
  • Writing and publishing reports and then sharing with the security research community through our partnerships
  • Teaching and training others in the company on the tactics and methods of tracking advanced threats
  • Providing threat context and integration support to multiple SecurityScorecard products, customers, and sales architects
  • Analyzing technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, and pivot to related threat data
  • Identifying and hunting for emerging threat activity across all internal/external sources
  • Establishing standards, taxonomy, and processes for threat modeling and integration
  • Performing threat research and analysis during high-severity cyber-attacks impacting SecurityScorecard customers globally

The direct work of this team has led to a vast expansion of product offerings at SecurityScorecard, including Attack Surface Intelligence, our unique threat intelligence offering that combines our own in-house global scanning data with threat context from our in-house crawlers of ransomware sites, malware sinkholes, 80+ country honeypot network, and more. Additionally, our team, in combination with the Global Investigations team in the Cyber Threat Research and Intelligence group, led to the creation of a bespoke threat-hunting-as-a-service offering to customers via Cyber Risk Intelligence under our professional services organization. In this role, you will contribute significantly to both of these efforts by doing net-new analysis of threat actor activity and automation of new in-house threat intelligence data collection systems that benefit not only ASI and CRI but also the core Security Ratings product.

Basic Qualifications 

  • Has at least 5-7 years of experience in security research broadly, including hunting threat actors (criminals or nation states), with specific technical experience (analysis of campaigns, malware involved, C2 servers, and CVEs exploited)
  • Analysis of campaigns and actors extends beyond data breaches and traditional attacks (e.g. DDoS, public leaked credentials to network access) to sophisticated, nation-state or cybercrime-driven campaigns
  • Fluent in at least one high-level programming language (Python, Go, Ruby, JavaScript, etc.) and ability to use the experience to automate threat hunting and threat intelligence gathering activities (in Threat Research we use Python on a daily basis)
  • Experience working with threat intelligence platforms such as MISP and related analysis systems such as Splunk, VirusTotal Intelligence Graph Explorer, Silobreaker, or other commercial tools for analyzing our data

Preferred Experience:

  • Experience with C and/or Assembly or another low level programming language that ties into development of exploits for software, firmware, and hardware products
  • Experience with producing and consuming data from streaming platforms such as Confluent Kafka, which we use internally to centralize all our threat intelligence data for consumption by upstream products
  • Great understanding of vulnerabilities and related exploit code, capable of writing automation and detection for various CVEs
  • Experience in developing automation to analyze malware and subsequent campaigns
  • Experience with reverse engineering using IDA or another malware analysis program

Additional Qualifications 

  • Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
  • Exceptional written communication skills
  • Strong decision making skills with the ability to prioritize and execute
  • Ability to set and manage expectations with senior stakeholders and team members
  • Strong problem solving, troubleshooting, and analysis skills
  • Experience working in fast-paced, often chaotic environments during major incidents
  • Excellent interpersonal and teamwork skills

Benefits and Team Culture

We offer a competitive salary, pre-IPO stock options, a comprehensive benefits package, including health and dental insurance, unlimited PTO, parental leave, tuition reimbursements, and much more. We are a fully remote company with a global headquarters in NYC, United States.

The Threat research team and broader Cyber Threat Research and Intelligence group are spread across the United States, Canada, and Eastern Europe. The threat research team believes in working hard, but not overworking. Some weeks may present breaking zero-days that require hands-on analysis and support of our sales team and customers, while other weeks may find you deep in writing automation code for gathering new leaked credentials, data from dark web forums, or expanding our global scanning framework with new Nmap and Nuclei scripts. In total, our work is flexible and dynamic and we encourage generous use of our unlimited PTO (the threat research team enforced a minimum of 3 weeks per year of PTO) for individuals who go above and beyond on a regular basis.

SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skillsets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.


