Adversary Research Engineer

AttackIQ

United States

Remote

USD 100,000 - 150,000

Full time

3 days ago

Job summary

A leading cybersecurity firm seeks an Adversary Research Engineer to enhance their Breach and Attack Simulation platform. The role involves translating advanced adversary tactics and techniques into actionable simulations, requiring strong Python skills and a solid understanding of information security technologies. Ideal candidates will excel in both analytical and practical cybersecurity capacities and thrive in a collaborative team environment.

Qualifications

  • At least 4 years’ experience in offensive or defensive cybersecurity.
  • Previous roles: SOC analyst, penetration tester, or similar.
  • Strong Python development skills required.

Responsibilities

  • Produce new adversary emulations for security control evaluation.
  • Translate adversary TTPs into AttackIQ platform content.
  • Analyze and deconstruct adversarial behavior into effective emulations.

Skills

Python
Security Technologies
Adversary TTP Knowledge
Analytical Skills
Teamwork
Communication

Education

Bachelor’s degree

Tools

Kali
Metasploit
Git

Job description

As an Adversary Research Engineer, you will be responsible for producing new adversary emulations that are used to evaluate the performance of information security controls via our Breach and Attack Simulation platform. You’re aware of what the adversaries are doing today, and you’d like to create advantages for our customers and partners.

Essential Duties and Responsibilities

  • Translate analysis of adversary TTPs into the AttackIQ platform content, which is then used to evaluate the performance of security control technologies by our customers and partners.
  • Ability to analyze and deconstruct an adversary's behavior, effectively translating it into Python code for development and implementation.
  • Ability to spot patterns and trends, and to create emulations in response to emerging threats, including nation-state-level and eCrime campaigns.
  • Work in a globally distributed team of engineers and researchers.

Professional Competencies
  • Demonstrated understanding of the most commonly deployed information security technologies that support network and endpoint defense — think Palo Alto, Proofpoint, CrowdStrike, Microsoft Defender and beyond.
  • Hands-on skill with common hacking tools, penetration testing and vulnerability scanning tools like Kali, Metasploit or similar.
  • Knowledge of current adversary TTPs and how to model behaviors in the context of MITRE ATT&CK.
  • Smart, driven, and able to think on your feet in a fast-paced environment.
  • Strong team player with strong emotional intelligence, able to think outside the box and turn ideas into results.
  • Have proficient working knowledge of Python data structures, algorithms, abstract classes, advanced concepts, and the ability to write clean, well-documented, and efficient Python code.
  • First-hand experience of creating custom tooling, applying enhancements and bug fixes
  • Have proficient working knowledge of git
  • Comfortable with getting into the internals of at least one operating system

Required Experience and Skills
  • Bachelor’s degree
  • At least 4 years’ experience in either an offensive or defensive cybersecurity capacity.
  • You’ve worked as one or more of the following roles: SOC analyst, IR analyst, red teamer, penetration tester, threat researcher, threat hunter, detection engineer, malware analyst, security engineer or similar.
  • Fluent in English
  • Exceptional written, oral, presentation and interpersonal skills.
  • Seasoned Python developer
  • AI/LLM experience a huge plus
  • Linux and/or macOS experience a huge plus

Note to all recruitment agencies
AttackIQ does not accept agency resumes without a signed agreement. Please do not forward resumes to our jobs alias, our employees, or any other company location. AttackIQ is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company that does not have a signed agreement with us.

At AttackIQ we value diversity and are proud to be an equal opportunity employer.
