Sr APT Threat Analyst
London, England
Proofpoint
Proofpoint helps protect people, data and brands against cyber attacks, offering compliance and cybersecurity solutions for email, web, cloud, and more.
It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
Corporate Overview
Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions mitigating their most critical risks across email, the cloud, social media, and the web.
We are singularly devoted to helping our customers protect their greatest assets and biggest security risk: their people. That’s why we’re a leader in next-generation cybersecurity.
The Role
As a Proofpoint Advanced Persistent Threat (APT) researcher, you will spend time searching through data looking for threats, analyzing them, and making that information meaningful to our customers. Leveraging Proofpoint data, common threat intelligence data providers, information from trust groups, and other sources, you will be responsible for covering the threat landscape with a focus on state-aligned threats in specific regions of interest as assigned by the APT team manager. As an APT specialist you’ll communicate your findings to various groups including customers, fellow threat researchers and the teams who create detections in our products. You will also have the opportunity to present your research at public and private industry conferences. You’ll be part of a team of dynamic and creative threat researchers focused on the threat landscape: finding threats, understanding them, and using that knowledge to improve our products and protect our customers. Making APT landscape research visible and useful for our customers is a large part of this role.
- Monitor and analyze threat intelligence sources to stay abreast of new threats and tactics.
- Collect, process, and disseminate intelligence to stakeholders in a timely and actionable manner.
- Develop and maintain relationships with external organizations to improve information sharing and collaboration.
- Identify gaps in collection, recommend, and participate in the implementation of solutions to fill those gaps.
- Produce intelligence reports and technical briefings on current and emerging threats for various audiences: Proofpoint executives, public blogs and Proofpoint customers (including our APT Threat Intelligence customers).
- Use excellent analytical skills to work in a diverse team environment, exchanging ideas and data with developers, support, product managers, and customers.
Your day-to-day
- Hunt in Proofpoint’s proprietary telemetry sources to identify and cluster state-aligned cyber espionage activity.
- Analyze APT-related attack chains, including phishing, malware and threat data from internal and external sources, with a focus on activity that has an email component.
- Provide threat detection findings to detection teams as they create and deploy detections in our products.
- Occasionally conduct dynamic and static malware analysis on samples obtained from our customer data and threat hunting activity to assist in signature development.
- Piece together malicious campaigns, threat actors, and unattributed activity.
- Prepare APT activity notification reports for impacted customers.
- Generate intelligence to support Proofpoint’s mission to protect our customers.
- Create and present written deliverables to multiple audiences, both external and internal.
- Present complex technical topics to senior management, internal stakeholders, our customers, and peers.
- Expand upon existing intelligence to build profiles of tracked threat actors.
- Collaborate on research projects with the wider threat research team.
What you bring to the team
- An empathetic approach to collaboration and a flexible attitude, ready to work with a close-knit team passionate about disrupting adversaries.
- A well-rounded understanding of the current APT threat landscape in general.
- Direct experience tracking apex cyber espionage actors of any region, and familiarity with their TTPs and the key features that can be used for attribution.
- Strong knowledge of cyber threat intelligence principles, including indicator of compromise (IOC) types, indicator pivoting and indicator attribution strength.
- Skills to profile and track APT actors efficiently, including YARA, infrastructure tracking, reverse engineering capabilities, indicator pivoting techniques and enough experience with a scripting language to automate various aspects of your work.
- The ability to form a hypothesis based on your threat research, prove or disprove it using our data, and communicate the result to our customers or internal stakeholders.
- Ability to comfortably communicate directly with customers and the security community.
- Experience with network and host malware detection engineering.
- Excellent interpersonal, organizational, writing, communications, and briefing skills.
- Motivation to dig through internal and open-source data to find threat information and use it to provide value to customers.
- Experience with various technologies used for hunting in big data sets.
Nice to have
- Formal university-level education in computer science, computer security or another related discipline, or equivalent certifications and/or work experience.
- Information security community experience: a blog, website, published papers, conference presentations, or other experience on the public side of the security field.
- Experience working remotely for a large information security vendor.
- Familiarity with email delivery mechanisms (DNS, SMTP, etc.) and common email formats (RFC 822 headers, MIME).
- Familiarity with email-borne threats and related analysis techniques.
- Familiarity with Suricata or Snort.
- Familiarity with interpreting malware sandboxing reports.
Why Proofpoint
Protecting people is at the heart of our award-winning cybersecurity solutions, and the people who work here are the key to our success. We’re a customer-focused and driven-to-win organisation with leading-edge products. We are an inclusive, diverse, multinational company that believes in culture fit, but more importantly ‘culture-add’, and we strongly encourage people from all walks of life to apply.
We believe in hiring the best and the brightest to help cultivate our culture of collaboration and appreciation. Apply today and explore your future at Proofpoint! #LifeAtProofpoint
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!