Threat Researcher
Infoblox
- Madrid
- Permanent
- Full-time
- Discover threats related to DNS and script algorithms to deliver indicators to protect customer networks
- Contribute workflows, algorithms, and/or enrichments to help customers prioritize and understand threats within their network
- Research, design, develop, and build repeatable analytics, heuristics and rules-based detection around threats, tactics/techniques/procedures (TTPs), and indicator scoring
- Use statistics and scripting in Python and PySpark to draw insights from very large, diverse data sets
- Analyse structured and unstructured data sets to identify trends and anomalies that could indicate malicious activity
- Collaborate with others of different expertise to address complex threat problems
- Craft reports on discoveries such as threat actors, malware, and campaigns
- Bachelor's Degree in Computer Science or equivalent experience
- Familiarity with AWS technologies and comfort with Python and Command Line Interface
- Knowledge of threat analysis and research and familiarity with leveraging open-source, or an equivalent level of experience in statistical analysis, with a passion for threat intelligence
- Coding and data skills such as Python, data analysis and statistics, use of notebooks (Jupyter, Databricks)
- Ability to analyse threat signatures in DNS traffic and other data sources to find and identify malicious activity and campaigns, and to understand changes in the threat landscape
- Experience using virtual environments for analysis of suspicious sites and files
- Experience writing intelligence reports and presentations
- A collaborative approach, questioning and inquisitive mind, and a drive to learn and employ new tools and techniques
- Experience in network protocol log analysis, preferably in the DNS protocol and/or other complex data sources for threat hunting
- Contribute to new algorithms to find suspicious or malicious indicators for our products
- Support research and contribute to at least one publication
- Understand our data sources, pipelines, tools, and techniques
- Collaborate with others to execute threat research projects
- Hone your research and prototyping capabilities to better protect our customers
- Use our data sources to develop new analytics in threat intelligence and prioritization