Principal Cloud Threat Researcher
Who We Are
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company that protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.
The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on the Forbes Best Start-up Employers 2022 list. If our mission resonates with you, let’s talk.
What We Believe In
- Do what’s right for the customer
- Be kind and authentic
- Deliver great quality
- Be relentless
Challenges You Will Solve
The Threat Research team is responsible for answering the question, “how does this attack technique work and how do we detect it?” To answer this question confidently, you will apply a formalized research methodology resulting in the development of attack technique automation, documentation, and detection recommendations that scale across all of our customers. You will excel in this role as someone who: applies an adversarial mindset, is intimately familiar with Cloud-related attack techniques, develops and validates research hypotheses, and can communicate technical concepts in an accessible, succinct fashion.
Leveraging your extensive knowledge in Cloud security concepts and adversary attack paths, you will be a key stakeholder to continuously prioritize our product development and detection engineering efforts. You will serve as a technical subject matter expert on Cloud technologies at Red Canary and help drive product strategy and implementation. You understand how to dive deep into adversary techniques to better inform defensive decisions and communicate those lessons with the team and broader industry. You understand how to find and document the relevant data for making informed decisions about threats. You also know how adversaries evade detections and you will apply your extensive knowledge to anticipate and act on real and hypothetical evasion opportunities. You’ve performed research in the past and understand its place in producing practical, operational deliverables. You ask really good questions, maintain focus, thrive in transforming ambiguity into confidence, and you are firmly grounded in reality, with a focus on operationalizing your research. You will be relied upon as a subject matter expert who understands adversary trends and who can get their hands dirty by understanding and replicating adversary tradecraft.
What You'll Do
- Scope research initiatives and continually refine scope as needed.
- Write attack technique automation code. Replicating attack techniques is crucial to understanding the data available to make informed detection decisions. You will specifically develop code to automate attack techniques similar to the form of our AtomicTestHarnesses module.
- Research and analyze attack techniques related primarily to AWS Cloud services. Additional Cloud platform expertise is welcomed.
- Document and present your research findings and deliverables in an easy-to-understand, actionable manner both internally and externally.
- Work closely with detection engineers, intelligence analysts, and threat hunters to prioritize and refine your deliverables.
- Apply an adversarial mindset to your research and detection engineering recommendations.
- Serve as a technical mentor for those interested in pursuing research as a discipline and practice.
- Work hard to understand the technical components and related detection optics that underlie a technique. In doing so, you will also comprehend the extent to which adversaries can exercise control over variations of the researched technique.
- Collaborate across Red Canary to develop new detection methodologies.
What You'll Bring
- 5+ years of experience conducting security research with actionable outcomes.
- Experience working with commercial Endpoint Detection & Response (EDR) and/or Cloud-based detection platforms.
- Software development experience in at least one scripting language (e.g. PowerShell, Python, etc.) and/or one compiled language (e.g. Go, Ruby, .NET, Rust, etc.).
- Extensive security experience in AWS and its available data sources for optics and detection. Additional Cloud platform expertise is welcomed.
- An established record of public community engagement (conference talks, blog posts, webinars, etc.).
- Experience managing code with git/GitHub.
- An understanding of the role of detection engineering and threat hunting.
Targeted base salary: $176,600 - $195,000 + bonus eligibility and equity depending on experience.
Benefit Highlights:
- 100% Paid Premiums: Red Canary offers a 100% paid plan option for medical, dental and vision for you and your dependents. No waiting period.
- Health & Wellness: Access to mental health services, Employee Assistance Program and additional programs to incentivize healthy habits.
- Fertility Benefits: All new hires are eligible for benefits as of their first day.
- Flexible Time Off: Take the time you need to recharge including vacation, sick, bereavement, jury duty, and holidays.
- Paid Parental Leave: Full base pay to bond with and care for your new child.
- Pre-Tax Plans: Red Canary offers a variety of plans to fit your and your dependents' specific needs including FSA, HRA and HSA, with employer funding to offset out-of-pocket health care expenses.
- Flexible Work Environment: With a 60% remote workforce, Canaries can work virtually from almost anywhere in the US.
The application deadline is March 29th, 2024.
Why Red Canary?
Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity so you can do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way.
At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:
https://resource.redcanary.com/rs/003-YRU-314/images/RedCanary_2024BenefitsSummary.pdf?version=0
Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.