Remote - Seattle, Washington, United States
DomainTools seeks a curious and qualified security researcher to join its growing research team. The research team aims to find new and innovative methods for tracking cybercrime and state-sponsored activity online through continued research into emerging adversary methodologies over Internet-scale datasets. We are looking for a well-organized self-starter with a keen interest in turning their day-to-day research into publishable material, product and service improvements, and automated systems that can help our team, our company, our customers, and the security community as a whole detect and predict emerging threats online.
- Create primary research on threat actor infrastructure and TTPs, track emerging attacker methodologies, monitor threat actors or actor groups.
- Develop expertise on DomainTools’ data and platforms to enhance primary research efforts and provide guidance on future DomainTools’ products & integrations.
- Maintain up-to-date awareness of computer network exploitation, attack tools and tradecraft, threats and vulnerabilities, and respective countermeasures.
- Analyze malware and/or attacker toolchains to assess their functionality, origin, and purpose.
- Develop automation programs/tools to collect, parse, and organize open source information (OSINT) for aggregation into our intelligence repository to track threat actors at scale.
- Collaborate with Data Scientists and Engineers on ways to map infrastructure, analyze new Internet-based datasets, and create novel ways to identify, track, and predict threats.
- Support the DomainTools Marketing and PR efforts with analysis of timely breaches and attack vectors, including possible public commentary.
- Engage with customers on advanced usage of DomainTools data and services within customers’ processes and workflows.
- Train company staff on security research awareness, principles, and techniques.
- Contribute to the cybersecurity community through webinars, podcasts, papers, blogs, and presentations.
- Help make the Internet a safer place for everyone.
- 3-5 years of experience in Security Research.
- Working knowledge of the infrastructure of the Internet, analyzing that infrastructure, and how that infrastructure ties together including, but not limited to: cryptography (TLS, Public-Key Cryptography), networking (ASNs, BGP, TCP/IP), and protocols (SSH, HTTP, SMTP, DNS).
- Experience with additional data processing/scripting languages such as Python.
- Demonstrated ability to translate deeply technical information for the public, customers, and internal stakeholders. Must be comfortable giving webinars, conference talks, and internal training as well as writing summary reports and publicly published blog posts detailing methodology and findings of research.
- A strong desire to be a representative of one’s work and the team’s work at security industry events and conferences.
- OSINT investigation skills.
- Track record of initiative in identifying cybersecurity issues and proposing appropriate projects to address and resolve them, especially experience in a Detection/Response or Offensive Security team role.
- Hands on experience analyzing phishing campaigns, malicious infrastructure, and/or malware threats.
- Strong problem-solving capability, with a track record of reconciling conflicting and/or incomplete information to develop solutions.
- Track record of independently managing small and large projects; driving for results, consistently meeting deadlines, budget and scope.
- Demonstrated ability to collaborate, resolve conflicts when needed, and build working relationships across the company.
- Consistent drive for continuous improvement; demonstrated willingness to incorporate feedback into performance.
- Strong sense of accountability, holding self and others accountable for meeting commitments.
- Track record of meeting and exceeding stakeholder expectations.
- Experience with cloud services like AWS and in creating serverless/containerized applications in tools like AWS Lambda or Docker.
- Contribution to open-source projects.
- Active participation in the security community.
- Comfortable working with large data sets including command line processing and loading into larger data stores such as Elasticsearch or relational databases.
- Comfortable in automating research tasks and contributing to software projects that support the work of the research team.
- Experience with PySpark, Scala, and/or Go. Comfortable working with Spark jobs in Hadoop.
- Demonstrated accountability for escalated cases that require in-depth debugging and troubleshooting.
- Publications demonstrating thought leadership are highly desirable.
DomainTools is the leader in domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data. With over 15 years of domain name, DNS and related ‘cyber fingerprint’ data across the Internet, DomainTools helps companies assess security threat risks, profile attackers, investigate online fraud and crimes, and map cyber activity in order to stop attacks. Our customers include many Fortune 500 companies, including leaders in Internet technology, banking, consumer products, manufacturing and government.
We are located in Belltown (although 100% remote through 3/2021) in a very cool office staffed with smart and energetic co-workers. We provide great benefits such as fully paid premiums on medical plans for employees, pet insurance, flexible PTO, and flexible scheduling, to name a few.
DomainTools embraces diversity, equity, and inclusion to its fullest as an equal opportunity employer. We build our teams so creativity and innovation can flourish. We believe inclusivity and equity fosters innovation and growth; and we harness this mindset to drive a culture that serves our employees and our customers. We encourage people of all backgrounds, ages, perspectives, and skill sets to apply; and do not discriminate based on age, religion, color, national origin, gender, sexual orientation, gender identity, marital status, veteran status, disability, or any other characteristic protected by law.