Overview
Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. We are a global team focused on protecting data and people, with a mission to stay ahead of bad actors and safeguard the digital world.
We work guided by BRAVE core values: Bold, Responsive, Accountable, Visionary, and Exceptional in execution and impact.
The Role
You are a Senior CyberSecurity Analyst (email-borne threats) or have a strong desire and a skill set to become one!
We are looking for a highly intelligent, analytical, driven person to join a dynamic group of people who are passionate about saving the world from the growing threat of email-borne threats: phishing, malware, BEC and spam. We are competing against an active adversary and are seeking to reduce phishing, malware and spam. We offer a challenging environment that fosters creativity and rewards excellence.
Your day to day
- Member of a creative, enthusiastic, and geographically distributed team (in a 24/7/365 "follow the sun" model) that is responsible for identifying, parameterizing, and responding quickly to spam attacks levied against some of the world’s largest organizations.
- Analyze email messages reported by customers as well as work on large data sets to determine correct classification (spam, phishing, malware, BEC, bulk, ham).
- Content development: perform deep analyses of spam message headers & structures to identify novel spam features, and design rules/signatures to detect those features and block email-borne threats.
- Ad-hoc development of tools as necessary to aid/streamline analysis activities.
- As an Email Cybersecurity analyst with coding experience, design and develop new PoC threat detection systems, or learn how to add this skill to your toolset.
- Continue to develop and support existing Threat Detection PoCs based on the existing Threat Detection framework.
- Develop and maintain Python applications/tools, write clean and efficient code, debug and troubleshoot issues, collaborate with cross-functional teams, and participate in code reviews. Knowledge of database systems is a plus.
- Be available on a rotating on-call basis to respond and develop signatures that detect and block emerging or ongoing threats.
- Help define the landscape, prevalence, and evolution of messaging abuse, threats, and attacks by participating in future requirements discussions of our products.
What you bring to the team
- Knowledge of different types of email-borne attack vectors, tools and tactics.
- In-depth knowledge of email-borne threats: phishing, malware, BEC and spam. Ability to identify suspicious patterns in URLs, domains, and overall email structure (headers and context).
- Ability to create detection signatures/rules (content development) based on observed patterns with 2+ years of experience.
- Curiosity about email headers and structure.
- Familiarity with how mail delivery works and knowledge of email security standards and protocols (SPF, DKIM, DMARC) would be beneficial.
- Practical knowledge of regular expressions.
- Minimum 2+ years of hands-on experience with Python or another programming language.
- Experience in one Python framework (Django, Flask or Pandas).
- Experience with data analysis, familiarity with cybersecurity best practices, and ability to work with large datasets.
- Familiarity with Unix environments and command line tools for text processing.
- Familiarity and/or experience with Lua-based detection signatures is a plus.
- Familiarity and/or experience with ClamAV and/or YARA and/or in-house frameworks for signature-based detection is a plus.
- Willingness to take an important technical role.
- Demonstrated analytical and creative problem-solving abilities.
- Ability to work independently yet integrate with remote teams.
- Can-do attitude with a focus on problem solving, product quality, and a strong desire to get the job done.
- Requirements/Education and/or Equivalent Experience (technical and non-technical capabilities).
- BSCS or equivalent, or equivalent technical experience.
Why Proofpoint
We are a customer-focused organization with leading edge products and a culture of collaboration and appreciation. We are a multinational company with locations in many countries, and we encourage applications from individuals of all backgrounds and perspectives. If you need accommodation during the application or interview process, please reach out to accessibility@proofpoint.com.
How to Apply: Submit your application here. We can’t wait to hear from you!
Why Proofpoint? At Proofpoint, we offer a comprehensive compensation and benefits package, including competitive compensation, comprehensive benefits, learning and development opportunities, flexible work options, wellness days, recognition programs, and global collaboration opportunities.