Lead Threat Researcher

Lead Threat Researcher

About the Role

A Lead Threat Researcher - Security is both a cybersecurity expert and an experienced detections developer for endpoint network or cloud. They research and curate alerts and reports for their surface area. They look at new and emerging threats to identifythe investments we should be making to improve our threat detection capabilities.A Lead Threat Researcher is both a security expert in their source area and an experienced software developer. They have a strong security engineering and software development background that has a track record of developing high quality vulnerability and security posture management/analysis tooling and content for network endpoint and cloud. They look at new and emerging threats to identify the investments we should be making to improve our managed risk capabilities. Their overarching goal is to help us make security better for our clients every day. This role works with team members Product Management Security Services and various other specialists to continuously improve the coverage and efficiency of our MDR solution.

ALead Threat Researcher is responsible forproviding theteam technical direction to deliver high value detection capabilities. TheLead Threat Researcher will provide technical and security guidance and direction to their team through the entire development lifecycle. They will also provide guidance on best practices for performing research and developing detections. This is different from a Team Lead. The Team lead is responsible for leading the team and projects that team works on.

Responsibilities Include:

• Research and develop expertise in the various threat surfaces and telemetry available for them

• Work closely with technical leadership across the Security Products team and the company to drive and deliver on longer term outcomes as well as immediate threats

• Propose coverage and efficacy improvements to the detection surface

• Work with team members to develop novel detections and continuously tune existing ones

• Participate in the full software development life cycle

• Build well-designed testable efficient and secure code

• Build runbooks reports and supporting material for detection surface

• Document research findings and knowledge share with team and other departments

• Troubleshoot educate and share information with non-technical people

• Contribute to the growth and mentorship of other team members

• Detailed knowledge in the inner workings of vulnerability scanners such as Qualys Rapid7 Tenable etc.

• Experience with identifying product and market changes and needed analysis/detection coverage changes in your existing sources

• History of identifying product and market changes and needed analysis/detection coverage changes in your existing sources

• Experience with coding preferably in python

• Ability to troubleshoot educate and share information with non-technical people

We value a culture of sharing so every team has the opportunity to share their work with the entire department during our monthly R&D Demos. Once a year we hold a department-wide Hackathon teaming up across all R&D teams over four days to collaborate and build cool ideas outside the normal project scope. While innovation is the focus some of these ideas do make it into our products.

About you

We use and train a variety of technologies in MDR. You should have a deep understanding of the basic workings of a security operation center. As a lead developer you bring a diverse knowledge base that you use to help the team solve complex technical and security problems.

Expert in the development of security products/systems with a focus on 3 or more of the following key areas:

• SIEM detections

• NDR/IPS/IDS detections/signatures

• EDR detections/signatures

• Sigma and Yara rules

• Cloud security detections

• Development of anomaly and behavioural based detections

• Tuning and optimization of detections for all the above

Expert in at least two of the following Development Languages & Methodologies:

• Python Go Java and C/C

• Test Driven Development

• Full understanding and use of DevOps methods/tooling

• Full understanding/application of secure development practices

• Cloud Development: AWS Azure and GCP using Kubernetes/Containers IaaS and key PaaS services

• Agile (SCRUM/Kanban)

Expert in following security tooling:

• NGFW (PAN CISCO Fortinet etc.)

• Open Source IPS/IDS/NSM (e.g. Bro/Zeek/Suricata)

• SIEMs and Security Analytics platforms (e.g. Elastic Open Source Big Data Stacks Splunk etc.)

In addition you have proven leadership experience from previous projects regardless of title held. You have the ability to perform programming tasks and large engineering projects with Independence and expertise. You will be responsible for guiding and mentoring other staff members and will regularly lead technical projects. You have a high level of mastery over software development best practices and building reusable design patterns.

You have a history of delivering successful projects as well as some lessons learned from failures. Even if you havent worked with all of our specific technologies you bring a diverse knowledge base that you use to help the team solve complex technical problems. Youll receive all the security training you need during our onboarding process and through additional training on the job.

Interview process

The interview process is approximately as follows:

• Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.

• Technical assessment: A recruiter sends you a link to a straightforward technical assessment that is relevant to the role you are applying for. Approximately 1 hour.

• Face-to-face interviews: Several team members conduct two interviews to learn more about you and provide more information about your potential role and team. Be prepared to collaborate on a technical problem and talk more about past projects and your career goals. Approximately 1 hour per interview.

On-Camera Policy
To support a fair transparent and engaging interview experience candidates interviewing remotely are expected to be on camera during all video interviews.
Being on camera fosters authentic connection improves communication and allows for full engagement from both candidates and interviewers.
We understand that technical bandwidth or location-related challenges may occasionally prevent video use. If this applies candidates are required to notify us in advance so we can explore appropriate accommodations.

Security Requirements

• Conducts duties and responsibilities in accordance with AWNs Information Security policies standards processes and controls to protect the confidentiality integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).

• Background checks are required for this position.

• This position may require access to information protected under U.S. export control laws and regulations including the Export Administration Regulations (EAR). Please note that if applicable an offer for employment will be conditioned on authorization to receive software or technology controlled under these laws and regulations.