Job Description

Zscaler is looking for a highly technical senior security researcher with significant experience in threat detection engineering. This position will be responsible for analyzing zscaler product telemetry and hunting for malware threats at scale through in-depth log analysis and malware behavior. The results will be used to develop innovative tools to automate further threat hunting, produce technical threat analytics reports, and publish research blogs.

Responsibilities:

• Responsible for analyzing and creating detections around the latest advanced threats and TTPs affecting Zscaler products and customers.
• Responsible for the development and design of signals which can automatically highlight active threats.
• Analyze malware, attacks, and threat intel for patterns and develop automated solutions for analysis, classification, and categorization of data for further automation.
• Conduct threat-hunting operations in complicated SaaS environments and drive product innovation in threat detection
• Work with global cyber intelligence collectors to identify, contextualize, and instrument current and emerging cyber threats.
• Identify gaps in controls, processes, systems and recommend solutions.
• Actively participate in the cyber security community, establishing relationships and knowledge sharing.
• Contribute to the detection and alerting pipeline so that our Threat Hunting team can quickly identify and remediate potential security threats.
• Develop security-focused tools and services in support of intelligence, detection, and response.

Qualifications:

• Required 5+ years hands-on threat detection, threat research and threat hunting experience
• Strong understanding of tools, tactics and procedures (TTPs) of threats actors (eCrime/APT)
• Experience in incident analysis and response using industry standard frameworks such as MITRE ATT&CK and the cyber kill chain
• Experienced in security information and event management tools, such as Splunk, Elasticsearch.
• Experience with malware analysis - dynamic & static
• Must be able to validate findings, perform root cause analysis, and deliver recommendations for fixes.
• Strong scripting and automation skills are must (Python preferable)
• Must have excellent reporting and analytical skills.
• Strong understanding of web protocols and web application security
• Experience writing IDS/IPS, YARA signatures

Preferred:

• TTP based threat hunting
• In-depth log analysis and malware tracking and monitoring
• Data mining experience with large security data sets such as IDS, IPS and firewall logs.
• Strong development background with experience in Python and Familiarity with SQL

Education:

• Bachelor's or graduate degree from four-year college or university (preferably in Computer Science, Engineering, or a related discipline), or equivalent security industry work experience.

#LI-JM1

#LI-REMOTE