Reporting to the Sr. Manager of GTS Engineering, the Principal Research Engineer is responsible for performing advanced and technical threat research into criminal phishing ecosystem as well as providing leading edge and intelligence driven concepts, designs, and developments that helps Cofense and our customers rapidly identify, address, optimize, and mitigate real-world cyber security challenges and gaps.
Essential Duties/Responsibilities
- Maintain visibility and awareness of the global threat landscape to identify new tactics, threats, malware, or shifts in how attackers are leveraging phishing attacks and related malicious
- Perform in-depth and advanced analysis of adversarial modes, methods, code bases, and malware.
- Independently and collaboratively identify, quantify, scope, and design/plan research, proof-of concept, and MVP development efforts.
- Utilize your expertise to perform periodic gap analysis within the phishing and threat detection ecosystem, including market wide gaps as well as internal opportunities for Cofense innovations.
- Work closely with the Cofense Phishing Defense Center to maintain awareness of the overall threat landscape as well as identify shifts and/or gaps in existing threat analysis methodologies, tooling, optimizations, and overall requirements.
- Ability to provide qualitative and quantitative research and analysis of relevant cyber security processes and technologies within Cofense to quantify overall capabilities, utilization, limitations, and opportunities.
- Ability to develop prototype code, in the appropriate language, to further additional research, validation, testing, and operational requirements throughout Cofense.
- Work closely with the Global Threat Services and Phishing Defense Center management and staff to identify areas of opportunity, requirements, value add initiatives, and to address/discuss technical issues and/or feature requests.
- Manage the creation and maintenance of documentation and materials that support deployment, configuration, work/data flows, and use of all Global Threat Services initiatives, efforts, and deployed/developed technologies.
- Create clear and concise documentation on research activities, findings, and lessons learned.
- Assist in the management, monitoring, and maintenance of internal infrastructure, architectures, and operational services. This can/will include both infrastructure and endpoint log management, alert generation, and the management/usage of technologies like Zabbix, Splunk, ES, etc.
- Assess and make recommendations for areas of research and cyber security processes, tools, languages, and methodologies.
- Supports and author applicable reports and documentation content regarding advanced attacker activities, new and emerging cyber threats, and analytical processes and procedures.
- Act as mentor and subject matter expert for GTS and PDC analysts and junior engineers.
- Other duties as assigned.
Knowledge, Skills and Abilities Required
- Highly capable with rapid prototyping language such as Python, Ruby, Java, C#.
- Experience in developing and maintaining CI / CD solutions in cloud-based environments.
- Knowledge of web frameworks and familiarity with TCP/IP, UDP, and HTTP protocols
- Understanding of the cyber landscape, especially as it relates to phishing.
- Demonstrates excellent customer service skills to both internal and external customers.
- Deep understanding of cloud DevOps automation and cloud native application development.
- Strong written and verbal communications skills with an ability to present technical risks and issues to non-technical audiences.
- Ability to exercise independent judgement and creative problem-solving techniques to research, compile, and perform complex initiatives.
- Expert knowledge of crafting API based solutions to manage and manipulate data in variety of formats.
- In depth experience with building and maintaining cloud resources and services in AWS including: EC2, RDS, Lambda, SNS, SQS, ECS, CloudFront, OpenSearch
- Deep understanding of SQL with ability to translate to various database management systems.
- Strong knowledge and experience with email implementations, analysis, infrastructure management, and security configurations.
- Ability to work and influence others in a matrix environment and build effective business partnerships with all levels of team members.
- Ability to synthesize complex analytical findings into executive level communications.
Education and/or Experience:
- 5+ years of experience in cyber security, research, or applicable fields
- Bachelors' degree preferred or higher in related field of
- Practical knowledge and experience performing and/or building technology that help advance reverse engineering and advanced rapid analysis of cyber threats.
- Certifications preferred: CISSP, OSCP/OSCE, CEH, CCNA, GREM
- Disclaimer-
The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job description at any time without notice.
Cofense is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, physical or mental disability, marital status, genetic information or any other status or characteristic protected by applicable national, federal, state or local laws and ordinances. We adhere to these commitments in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, and discipline.