Security Researcher
Abnormal Security
About the Role
Abnormal Security is looking for a security researcher to join the Security & Privacy team. As a leading cybersecurity company, it is imperative that we find, analyze, and report on threat actors and techniques, and leverage that knowledge to enhance and improve our platform’s capabilities to catch new and novel attacks. This role will be responsible for analyzing attacks to identify new threat actors, providing continuous feedback to our product and engineering teams on enhancing our detection capabilities, partnering with our marketing team to publicize unique attacks and threat actors, and conducting offensive security testing to ensure the robust security of our platform and infrastructure. The ideal candidate will have the ability to find the ‘needle in a haystack’, provide actionable recommendations on product enhancements, and provide assurance of our robust security posture.
Who you are
- Strong oral and written communication skills along with presentation skills; the ability to quickly build rapport with internal and external stakeholders.
- Analytical skills, with the ability to identify patterns, trends, and anomalies in large and complex data sets.
- Team player, collaborative work style.
- High attention to detail, process, and organization.
- Outstanding analytical skills and good business judgment.
- Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences.
- Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment.
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
- Operate within an agile environment and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business.
What you will do
Threat Intelligence / Research
- Conduct in-depth research and analysis of email threats, including but not limited to phishing attacks, Phishing as a service (PhaaS), spear phishing, business email compromise (BEC), and ransomware campaigns.
- Conduct deep research on attacker campaigns and techniques to support durable detection investments and improve customer experience.
- Document and track advanced threat activity, including major crimeware, nation-state entities, and other threat groups.
- Conduct in-depth threat research to identify and analyze potential security attack vectors and emerging threats.
- Stay current with industry trends, security vulnerabilities, and email security best practices to anticipate and counter emerging threats effectively.
- Create threat intelligence reports, including indicators of compromise (IOCs), network and host-based indicators, and behavioral patterns.
- Document and enrich the understanding of the threat landscape, including attacker techniques, emerging trends, and patterns.
- Perform leading-edge security research for email/SaaS-based threats – systems analysis, APT threat modeling, tools assessment, network/protocol analysis, etc.
- Demonstrate an advanced understanding of the current and former threat landscape, including major trends, activity groups, and tooling used by prolific and obscure threat actors.
- Share knowledge and expertise through documentation, presentations, and training sessions to enhance the overall security awareness and capabilities of the organization.
- Respond to customer inquiries and news releases to analyze threats and threat actors to provide tangible reporting and metrics on attacks.
Threat Hunting
- Utilize threat intelligence platforms, open-source intelligence (OSINT) tools, and internal data sources to gather, correlate, and analyze threat indicators.
- Conduct in-depth analysis to identify new attack campaigns.
- Conduct thorough threat hunting and analysis using large and diverse datasets to identify false negatives, detect gaps, and improve our overall security posture.
- Develop and maintain a comprehensive understanding of the evolving tactics, techniques, and procedures (TTPs) used by threat actors in email-based attacks.
- Automate security processes through scripting or coding languages, particularly Python.
Offensive Security
- Conduct cloud penetration testing engagements to assess specific workloads (e.g., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weaknesses after receiving permission from client stakeholders.
- Design and develop novel threat detection techniques or methodologies, from creating proof-of-concept to productizing the solution.
- Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification.
Must Haves
- Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations.
- 5+ years of experience in the security domain, including both a detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns.
- 2+ years working within the email threat landscape.
- 2+ years of attack and penetration testing experience.
- Experienced with security assessment tools, including Nessus, OpenVAS, Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, Empire, Mimikatz, Impacket, etc.
- Experience with penetration testing and securing major cloud providers (e.g., AWS, GCP, and Azure).
- Experience analyzing email headers and email/web security protocols.
- Reverse engineering.
- Malware analysis (PE files, script files, Office files).
- YARA, regex, or comparable rule-writing experience.
- Scripting languages (e.g., Python, PowerShell).
- Understanding of OWASP and the MITRE ATT&CK framework.
Nice to Have
- Advanced degree in Computer Science, Engineering, or Cybersecurity.
- OSCP, OSCE, or GPEN, GCIH, GCPN, GWAPT certifications.