Threat Researcher - Detection Engineer - macOS
Sophos
- United Kingdom
- Permanent
- Full-time
- Understand the malware kill chain and lifecycle, as well as hands-on-keyboard attacks
- Accurate and efficient classification of malicious and suspicious behaviour
- Mapping TTPs to MITRE ATT&CK matrix
- Author classification rules, for both Endpoint & Cloud scenarios, to identify malicious & suspicious use of TTPs
- Analyze real-world kill chains to discover new TTPs and gaps in coverage
- Measure and tune TTP coverage through data mining, customer telemetry & internal sandbox feeds
- Build & maintain playbooks on threat actor TTPs
- Strong knowledge of the macOS operating system, its internals and forensic tools
- Demonstrated programming experience. Preferred: Python, Lua, regular expressions and/or SQL.
- Excellent grasp of MITRE ATT&CK tactics, techniques and procedures in order to create attack simulations
- Familiar with computational cost analysis and problem solving to minimize the performance impact of detection rules
- Bachelor's degree in computer software (Computer Security preferable) or equivalent experience
- Big data experience (Elasticsearch, Kibana, Redshift)
- SDLC or CI/CD knowledge is a plus