Senior Threat Researcher - Detection Engineer
Sophos
- Canada
- $107,000-179,000 per year
- Permanent
- Full-time
- Understand malware kill chain & hands-on-keyboard attacks
- Accurate & efficient classification of malicious & suspicious behavior
- Mapping IOCs to the MITRE ATT&CK matrix
- Author classification rules, for both Endpoint & Cloud scenarios, to identify malicious & suspicious use of TTPs
- Analyze real-world kill chains to discover new TTPs and gaps in coverage
- Measure and tune TTP coverage through data mining, customer telemetry & internal sandbox feeds
- Build & maintain playbooks on threat actor TTPs
- Strong knowledge of Windows operating system, internals & forensic tools
- Programming experience, Python/Lua
- Excellent grasp of MITRE ATT&CK tactics, techniques & simulation
- Familiar with computational cost analysis & problem solving to minimize impact
- Bachelor's degree in Computer Software (Computer Security preferable)
- Big data experience: Elasticsearch, Kibana, Redshift