Cyber Security Researcher

Command Zero is looking to revolutionize the way organizations conduct cyber investigations. To date, the founders have participated in six successful cybersecurity acquisitions, including exits to Symantec, McAfee, Sourcefire, and Cisco. Backed by leading tier-1 VCs and dozens of cyber executives and thought leaders, Command Zero is currently hiring.

Our team is predominantly remote and distributed across North America. This environment necessitates strong communication skills, sociability, and pride in carrying out duties and responsibilities. We hold ourselves to a high standard and foster a culture of mutual respect and inclusion. If you enjoy working with a group of creative, talented, and enthusiastic teammates to solve challenging problems while impacting the cyber security of organizations worldwide, this is the place for you.

We are currently hiring for our Security Research team to help build the Command Zero Investigation Platform. This role is ideal for individuals passionate about cybersecurity, with a strong background in Security Operations Center (SOC) environments or as Incident Responders, particularly in SaaS or cloud-based environments.

What you’ll do:

• Create and test investigation questions to facilitate automated investigations within the product.
• Research & create supporting investigation material such as queries, playbooks, and data filters applied to a diverse set of new and existing cloud and enterprise security and non-security products.
• Research and analyze the latest cyber threats, leveraging insights to craft realistic attack scenarios and document investigation, detection & remediation strategies.
• Analyze and create data normalization pipelines to be used directly in the product in support of integrations.
• Document attack procedures and create supporting materials, including investigation content and investigation scenario mapping.
• Research and support customer investigation and bespoke detection content requests.
• Review, test, and validate investigation outcomes produced by existing AI technologies.

Who you are:

• Self-motivated and seeking challenges.
• Someone who favors pragmatic choices over dogmatic ones.
• Independent and able to deliver on goals with minimal oversight.
• Someone who communicates effectively, with empathy, with your teammates.
• Curious and constantly seeking better ways to improve yourself and the people around you.
• Ability to work in an unstructured environment (flexible and willing to adapt to the needs of an early-stage product and team).
• Can give and receive critical feedback.

Requirements:

• Bachelor's degree (computer science) or equivalent practical experience.
• Expertise in investigating security incidents in cloud platforms including AWS, Azure, or GCP.
• Expertise and demonstrated experience in one or more SIEM technologies, to include their respective query language.
• Experience developing detection signatures and content in any platform or language.
• Deep understanding of classic and emerging threat actor tactics, techniques, and procedures in cloud and SAAS environments.
• Deep understanding of incident response processes.
• Ability to work effectively in a fast-paced, demanding and fluid environment, remaining calm under pressure, and demonstrating excellent conflict management skills.

Preferred Skills:

• Demonstrated prior experience and proven track record working in a product startup.
• Experience using Splunk, Azure Sentinel and/or other SIEMs.
• Experience with scripting language(s) for the purposes of retrieving and working with large data sets.

Entry level

Full-time

Information Technology

Computer and Network Security