Senior Security researcher

Job Title:

Senior Security researcher

About Trellix:

Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions.
We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at https://www.trellix.com/.

Role Overview:

We’re looking for a Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threats—spam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. You’ll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities.

Key Responsibilities

• Threat Analysis & Hunting:

  • Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud.

  • Perform root-cause analysis on incidents and produce actionable intelligence.

• Rule Development & Tuning:

  • Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin.

  • Optimize rule performance to minimize false positives/negatives.

• Automation & Tooling:

  • Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting.

  • Integrate detection engines into SIEM and SOAR platforms.

• Collaboration & Reporting:

  • Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic.

  • Communicate findings and recommendations through clear technical reports and dashboards.

• Continuous Improvement:

  • Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass).

  • Contribute to threat-intel feeds and internal knowledge bases.

Basic Qualifications

• Experience: 5-8 years total with 3–5 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation.

• Tools & Technologies:

  • Rule engines: Snort, YARA, ClamAV, SpamAssassin

  • Scripting: Python (experience with email libraries—imaplib, email, etc.)

  • Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage)

• Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis.

• Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators.

• Communication: Clear written and verbal skills to document findings for technical and non-technical audiences.

Preferred Qualifications

• Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering).

• Global SOC Environment: Prior work in a 24×7 Security Operations Center supporting multi-region email volumes.

• Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines.

• Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Retirement Plans

• Medical, Dental and Vision Coverage

• Paid Time Off

• Paid Parental Leave

• Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.