Fortra

Senior Cybersecurity Researcher

Posted 15 Days Ago
Remote or Hybrid
Hiring Remotely in United States
Senior level

Whether you’re an experienced professional or just getting started, your contributions matter at Fortra. If you’re passionate about tackling meaningful challenges alongside talented team members committed to helping each other succeed, all while having lots of fun, we want to hear from you. We offer competitive benefits and salaries, personal and professional development opportunities, flexibility, and much more! 

At Fortra, we’re breaking the attack chain. Ready to join us? 

Fortra is looking for a seasoned and proactive Senior Cybersecurity Researcher to join our front-line cyber defense team. This is a critical, hands-on role for a technical expert who can hit the ground running with detection engineering. You'll be responsible for engineering and enhancing our detection capabilities across both our Data Loss Prevention (DLP) and Endpoint Detection & Response (EDR) platforms.

Your mission will be to proactively hunt for, identify, and build high-fidelity detections to stop advanced threats and prevent data exfiltration. If you excel at reverse-engineering application behavior, understanding how data moves, and building robust rules to stop attackers in their tracks, this role is for you.

WHAT YOU'LL DO

  • Build & Tune Detections: Design, develop, test, and maintain sophisticated detection rules and policies within our EDR and DLP solutions to identify malicious activity and data exfiltration patterns.
  • Technical Analysis: Conduct deep-dive analysis of application, operating system, and network behaviors. You'll use tools like Procmon, Sysmon, Wireshark, and others to understand underlying functions and identify opportunities for detection.
  • Threat Hunting: Proactively hunt for advanced persistent threats (APTs), insider threats, and novel data exfiltration techniques across the enterprise.
  • Code & Automate: Utilize Python, JSON, and XML to create, manage, and automate detection logic, policies, and response actions.
  • Framework Alignment: Develop and map detection logic against industry-standard frameworks, with a heavy emphasis on the MITRE ATT&CK framework, to ensure comprehensive coverage of adversary tactics and techniques.
  • Incident Response Support: Act as a senior technical escalation point for the Security Operations Center (SOC), providing expert analysis on complex alerts and security incidents.
  • Mentorship: Mentor junior analysts and engineers, sharing your expertise in threat detection and system analysis to elevate the team's overall capability.
  • Other duties as assigned.

QUALIFICATIONS

  • 5-7+ years of experience in a senior cybersecurity role such as Detection Engineering, Threat Hunting, or a Senior SOC Analyst position.
  • Expert-level, hands-on experience with either a major EDR platform or an enterprise DLP solution.
  • Strong proficiency in scripting and data interchange formats, specifically Python, JSON, and XML, for building and managing detection logic.
  • Demonstrated expertise in profiling applications and system-level processes using tools like Sysmon and the Sysinternals suite (Procmon, ProcExp, etc.).
  • A deep, practical understanding of modern data exfiltration techniques (e.g., DNS tunneling, data staging, hiding in legitimate traffic) and the attacker lifecycle.
  • Proven ability to apply the MITRE ATT&CK framework to threat modeling and detection engineering in a practical, measurable way.
  • A self-starter mentality with the ability to operate independently and drive projects to completion with minimal supervision.

PREFERRED QUALIFICATIONS

  • Relevant industry certifications (e.g., GIAC GCIH, GCFA, GREM, CISSP).
  • Experience with cloud environments (AWS, Azure, GCP) and their native security tooling.
  • Proficiency with SIEM query languages like Splunk SPL or Kusto Query Language (KQL).
  • Experience with macOS.
  • Experience with network forensics and packet analysis.
  • Contributions to the security community (e.g., open-source tool development, research papers, blog posts).

Visit our website to learn more about why employees choose to work for Fortra. Remember to connect with us on LinkedIn.
As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, veteran or disability status.

Top Skills

AWS
Azure
GCP
JSON
Kusto Query Language (KQL)
MITRE ATT&CK
Procmon
Python
Splunk SPL
Sysmon
Wireshark
XML
