Events  Deals  Jobs 
    Sign in  
 
 
SecurityScorecard // security grading service for orgs
 
Remote (US/Canada)    Posted: Thursday, July 15, 2021
 
   
 
Apply To Job
 
 
JOB DETAILS
 

About SecurityScorecard

SecurityScorecard is an industry-leading cybersecurity company backed by Google, Sequoia, & Riverwood. Our mission is to make the world a safer place. We measure your & your vendors' cyber-health by assigning a security rating of "A" through "F" based on outside-in, non-intrusive data. Our Comprehensive security ratings, advanced data analytics, & actionable insights discover Third-Party Vulnerabilities & Security Gaps In Real-Time.
Headquartered in NYC with over 270+ employees globally, raised over $110M USD, used by 1,000+ enterprise customers, & rating 1.6 million companies. We have created a new category of enterprise software, & our culture has helped us be recognized as one of the 10 hottest SaaS startups in NY for two years in a row.
Our vision is to create a new language for companies & their partners to communicate, understand, & improve each others security posture.

About the team

The Threat Intelligence team at SecurityScorecard drives both basic & applied security research that directly & indirectly contribute to the security posture of our customers. The team has several objectives, including tracking, investigating, & analyzing the latest advanced threats & campaigns affecting our customers & their vendors, the development & design of signals which can automatically highlight active threats to customers or intrusions, & advising both internal & external stakeholders up the C-level on their security risk posture as part of threat intels professional services.

The tight-knit SSC team brings together staff with a combination of skills ranging from fundamental cyber threat intelligence gathering, software engineering, vulnerability analysis, Internet measurement, malware research, digital forensics, machine learning & data analysis, & networking & operating systems fundamentals that all together lead to the sourcing of active threats & data that can better help SecurityScorecard's customers protect their assets, understand their vendors, & educate their staff.

This team works in tandem with other teams in Cyber Threat Research & Intelligence, as well teams outside, including Data Science, Attribution, Scoring, & Data Analytics & Engineering, as well as publishes & communicates research with the outside world through conferences, partnerships, & organizations like the Cyber Threat Alliance.

What you will do

In this role, we are looking for an established & experience threat hunter/threat researcher that is comfortable with ambiguity, has demonstrated expertise at the highest levels of the security community, & is self-driven & able to work in an environment where every day presents a new challenge.

The right candidate will be expect to lead and/or play a major role in the following activities:

  • Tracking active campaigns from major threat actors against public, private, & government entities
  • Maintaining expert knowledge of APT, ransomware, & major cybercrime TTPs
  • Writing & publishing reports & then sharing with the security research community through our partnerships
  • Teaching & training others in the company on the tactics & methods of tracking advanced threats
  • Providing threat context & integration support to multiple SecurityScorecard products
  • Analyzing technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, & pivot to related threat data
  • Identifying & hunting for emerging threat activity across all internal/external sources
  • Establishing standards, taxonomy, & processes for threat modeling & integration
  • Performing threat research & analysis during high-severity cyber-attacks impacting SecurityScorecard customers globally

Basic Qualifications 

  • Has a history of public industry(BlackHat, DEFCON, SchmooCon, VirusBulletin, etc.) or applied academic security publications (USENIX Security, CCS, NDSS, S&P, etc.) related to threat hunting of criminal & Advanced Persistent Threats
  • Has 7+ years of experience hunting threat actors (criminals or nation states), with specific technical experience (analysis of campaigns, malware involved, C2 servers, & CVEs exploited)
  • Analysis of campaigns & actors extends beyond data breaches & traditional attacks (e.g. DDoS, public leaked credentials to network access) to sophisticated, nation-state or cybercrime-driven campaigns
  • Fluent in at least one high-level programming language (Python, Ruby, JavaScript, etc.) & ability to use the experience to automate threat hunting & threat intelligence gathering activities

Preferred Experience:

  • Deep experience working at a major public or large private non-government security company known for threat intelligence & Ransomware/APT tracking
  • Additional experience in government in addition to industry working with U.S. intelligence & cyber security agencies as a threat hunter is welcomed

Additional Qualifications 

  • Excellent communication & presentation skills with the ability to present to technical & non-technical audiences
  • Exceptional written communication skills
  • Strong decision making skills with the ability to prioritize & execute
  • Ability to set & manage expectations with senior stake-holders & team members
  • Strong problem solving, troubleshooting, & analysis skills
  • Experience working in fast-paced, often chaotic environments during major incidents
  • Excellent inter-personal & teamwork skills

Benefits

We offer a competitive salary, stock options, a comprehensive benefits package, including health & dental insurance, unlimited PTO, parental leave, tuition reimbursements, & much more!

SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring & retaining employees with diverse backgrounds, skillsets, ideas, & perspectives. We make hiring decisions based upon merit & do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

 
 
 
Apply To Job
 
 
 
 
 
© 2021 GarysGuide      About    Feedback    Press    Terms