Sr APT Threat Analyst

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Corporate Overview

Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions mitigating their most critical risks across email, the cloud, social media, and the web.

We are singularly devoted to helping our customers protect their greatest assets and biggest security risk: their people. That’s why we’re a leader in next-generation cybersecurity.

The Role

As a Proofpoint Advanced Persistent Threat (APT) researcher, you will spend time searching through data looking for threats, analyzing them, and making that information meaningful to our customers. Leveraging Proofpoint data, common threat intelligence data providers, information from trust groups, and other sources, you will be responsible for covering the threat landscape with a focus on state aligned threats in specific regions of interest as assigned by the APT team manager. As an APT specialist you’ll communicate your findings to various groups including customers, fellow threat researchers and teams who create detections in our products. You will also have the opportunity to present your research at public and private industry conferences. You’ll be a part of a team of dynamic and creative threat researchers focused on the threat landscape, finding threats, understanding them, and using that knowledge to improve our products and protect our customers. Making APT landscape research visible and useful for our customers is a large part of this role.

• Monitor and analyze threat intelligence sources to stay abreast of new threats and tactics.
• Collect, process, and disseminate intelligence to stakeholders in a timely and actionable manner.
• Develop and maintain relationships with external organizations to improve information sharing and collaboration.
• Identify gaps in collection, recommend, and participate in the implementation of solutions to fill those gaps.
• Produce intelligence reports and technical briefings on current and emerging threats for various audiences: Proofpoint executives, public blogs and Proofpoint customers (including our APT Threat Intelligence customers)
• Use excellent analytical skills to work in a diverse team environment, exchanging ideas and data with developers, support, product managers, and customers.

Your day-to-day

• Hunt in Proofpoint’s proprietary telemetry sources to identify and cluster state aligned cyber espionage activity.
• Analyze APT-related attack chains, including phishing, malware and threat data from internal and external sources, with a focus on activity that has an email component.
• Provide threat detection findings to detection teams as they create and deploy detections in our products
• Occasionally conduct dynamic and static malware analysis on samples obtained from our customer data and threat hunting activity to assist in signature development
• Piece together malicious campaigns, threat actors, and unattributed activity
• Prepare APT activity notification reports for impacted customers
• Generate intelligence to support Proofpoint’s mission to protect our customers
• Create and present written deliverables to multiple audiences, both external and internal.
• Present complex technical topics to senior management, internal stakeholders, our customers, and peers
• Expand upon existing intelligence to build profiles of tracked Threat Actors
• Collaborate on research projects with the wider threat research team

What you bring to the team

• An empathetic approach to collaboration and a flexible attitude, ready to work with a close knit team passionate about disrupting adversaries
• A well-rounded understanding of the current APT threat landscape in general
• Direct experience tracking apex cyber espionage actors of any region, familiarity with their TTPs and key features that can be used for attribution.
• Strong knowledge of Cyber Threat Intelligence principles to include indicators of compromise (IOC) types, indicator pivoting and indicator attribution strength.
• Skills to profile and track APT actors efficiently, including Yara, infrastructure tracking, reverse engineering capabilities, indicator pivoting techniques and enough experience with a scripting language to automate various aspects of your work
• The ability to make a hypothesis based on your threat research, prove or disprove it using our data, and communicate that information to our customers or internal stakeholders
• Ability to comfortably communicate directly with customers and the security community
• Experience with Network and Host malware detection engineering
• Excellent interpersonal, organizational, writing, communications, and briefing skills
• Motivation to dig through internal and open-source data to find threat information and use it to provide value to customers
• Experience with various technologies used for hunting in big data sets

Nice to have

• Formal university-level education in computer science, computer security or another related discipline, or equivalent certifications and/or work experience
• Information security community experience; a blog, website, published papers, conference presentations, or other experience on the public side of the security field
• Experience working remotely for a large information security vendor
• Familiarity with email delivery mechanisms (DNS, SMTP, etc) & common email formats (RFC822 headers, MIME)
• Familiarity with email-borne threats and related analysis techniques
• Familiarity with Suricata or Snort
• Familiarity with interpreting malware sandboxing reports

Why Proofpoint

Protecting people is at the heart of our award-winning cybersecurity solutions, and the people who work here are the key to our success.  We’re a customer-focused and driven-to-win organisation with leading-edge products. We are an inclusive, diverse, multinational company that believes in culture fit, but more importantly ‘culture-add’, and we strongly encourage people from all walks of life to apply. 

We believe in hiring the best and the brightest to help cultivate our culture of collaboration and appreciation. Apply today and explore your future at Proofpoint! #LifeAtProofpoint

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!