Threat Intelligence Researcher

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint. 

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.”  SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Team:

The Threat Research team within the STRIKE (SecurityScorecard, Threat Research, Intelligence, Knowledge & Engagement) at SecurityScorecard drives both basic and applied security research that directly and indirectly contribute to the security posture of our customers. The team has several objectives, including tracking, investigating, and analyzing the latest advanced threats and campaigns affecting our customers and their vendors, the planning, software development, and design of threat data collections systems that produce signals which can automatically highlight active threats to customers or intrusions, and advising both internal and external stakeholders up the C-level on their security risk posture as part of threat intel’s professional services.

The tight-knit SecurityScorecard Threat research team brings together staff with a combination of skills ranging from fundamental cyber threat intelligence gathering, software engineering, vulnerability analysis, Internet measurement, malware research, digital forensics, machine learning and data analysis, and networking and operating systems fundamentals that all together lead to the sourcing of active threats and data that can better help SecurityScorecard's customers protect their assets, understand their vendors, and educate their staff.

This team works in tandem with other teams in STRIKE, as well teams outside, including Data Science, Attribution, Scoring, and Data Analytics and Engineering, as well as publishes and communicates research with the outside world through conferences, partnerships, and organizations like the Cyber Threat Alliance, CISA, ISACS, and the FBI.

About the Role:

In this role, we are looking for an experienced threat hunter/threat researcher that is comfortable with ambiguity, has significant experience writing automation code to gather threat intelligence, has demonstrated expertise at the upper levels of the security community, and is self-driven and able to work in an environment where every day presents a new challenge.

The right candidate will be expected to lead and/or play a major role in the following activities:

• Tracking active campaigns from major threat actors both known and unknown against public, private, and government entities and automating collection of data on these topics
• Writing automation code in Python to collect new in-house developed threat intelligence data that will be consumed by upstream teams and products
• Maintaining knowledge of Advanced Persistent Threat (APT), ransomware, and major cybercrime Tactics Techniques and Procedures(TTPs)
• Writing and publishing reports and then sharing with the security research community through our partnerships
• Teaching and training others in the company on the tactics and methods of tracking advanced threats
• Providing threat context and integration support to multiple SecurityScorecard products, customers, and sales architects
• Analyzing technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, and pivot to related threat data
• Identifying and hunting for emerging threat activity across all internal/external sources
• Establishing standards, taxonomy, and processes for threat modeling and integration
• Performing threat research and analysis during high-severity cyber-attacks impacting SecurityScorecard customers globally

Required Qualifications:

• Has at least 2-5 years of experience in security research broadly, including hunting threat actors (criminals or nation states), with specific technical experience (analysis of campaigns, malware involved, command and control (C2) servers, and CVEs exploited)
• Analysis of campaigns and actors extends beyond data breaches and traditional attacks (e.g. DDoS, public leaked credentials to network access) to sophisticated, nation-state or cybercrime-driven campaigns
• Fluent in at least one high-level programming language (Python, Go, Ruby, JavaScript, etc.) and ability to use the experience to automate threat hunting and threat intelligence gathering activities (in Threat Research we use Python on a daily basis)
• Experience working with threat intelligence platforms such as MISP and related analysis systems such as Splunk, VirusTotal Intelligence Graph Explorer, Silobreaker, or other commercial tools for analyzing our data

Preferred Qualifications:

• Experience with C and/or Assembly or another low level programming language that ties into development of exploits for software, firmware, and hardware products
• Experience with producing and consuming data from streaming platforms such as Confluent Kafka, which we use internally to centralize all our threat intelligence data for consumption by upstream products
• Functional understanding of vulnerabilities and related exploit code, capable of writing automation and detection for various CVEs
• Experience in developing automation to statically and dynamically analyze malware and subsequent campaigns
• Experience with reverse engineering using IDA, Radare, Ghidra or another malware analysis program as well as working knowledge of debuggers such as Olybdg and hopper

Additional Qualifications: 

• Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
• Exceptional written communication skills
• Strong decision making skills with the ability to prioritize and execute
• Ability to set and manage expectations with senior stake-holders and team members
• Strong problem solving, troubleshooting, and analysis skills
• Experience working in fast-paced, often chaotic environments during major incidents
• Excellent interpersonal and teamwork skills in a fully remote environment

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. 

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies.  Please note that we do not provide immigration sponsorship for this position.   #LI-DNI