Experience Inc. Jobs

Job Information

VMware Threat Researcher - Offensive R&D - Opportunity for Working Remotely in Minneapolis, Minnesota

Threat Researcher - Offensive R&D

VMware Carbon Black, the leader in advanced threat protection, is seeking a Threat Researcher to join its Threat Analysis Unit (TAU). This is a mid-level position in Cyber Security, targeted toward individuals with more than 4 years of Cyber and/or Threat Intelligence experience. Educational and personal experience with network/systems administration and/or information security related work is necessary. Expert understanding of modern defensive and offensive security tools, techniques, and methods required.

Threat Researchers at Carbon Black are responsible for leading, conducting, and presenting threat research from the Threat Analysis Unit (TAU). This requires a strong understanding of endpoint detection, cloud technologies, security operations, the current threat landscape, and emerging threats. Threat Researchers are also expected to provide mentorship to other members of the team, take the lead in maturing procedures, evaluate new security technologies, and prototype/experiment with new ideas and technologies to improve both our product and services. An understanding of incident response or penetration testing processes is preferred.

Job Role and Responsibility

  • Perform security research, handle complex security events, and coordinate with other teams

  • Leverage threat intelligence to emulate known threat actors’ tactics, techniques, and procedures.

  • Develop process automation and penetration testing scripts

  • Engage with technical and non-technical audiences to articulate both techniques and results

  • Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organization’s security posture

  • Ensure that best practices are implemented through security policies that address the client's business needs while protecting their vital corporate assets

  • Work closely with internal and external customers for product and service improvements.

  • Take ownership or support ongoing projects by assisting in the implementation, research, testing and documentation of security related projects.

  • Share data and expertise with private and public communities

  • Create custom rules for dissemination into the Carbon Black product suite.

  • Maintain knowledge of emerging security technologies and discipline developments. Research and manage the implementation of new technologies to enhance our products and customers’ security postures.

  • Manage and lead evaluations conducted by external third parties, including vulnerability assessments, product efficacy and penetration tests.

  • Respond to reported product security vulnerabilities and bypasses.

  • Train and mentor security leaders and managers, security operations teams, threat intelligence groups and incident responders including team members outside of the TAU group

  • Actively participate in the security community as a subject matter expert, write blog posts, and present at conferences.

Required Qualifications

  • Advanced knowledge of artifacts and behavior in Windows, Linux, and/or macOS

  • Experience with a number of the following is a requirement: C, C++, C#, PowerShell, Python, Go, or similar

  • Windows system internals experience

  • Knowledge of x86 and x64 instruction set architectures

  • Experience with post exploitation frameworks and tooling

  • Ability to develop PoCs for research and product demonstrations

  • Experience performing adversary emulation aligned to threat actor intelligence

  • Experience aligning TTPs to the MITRE ATT&CK framework

  • Solid understanding of exploitation concepts and adversary emulation

  • Penetration testing knowledge or Red Team experience

  • 4 years of Cyber and/or Threat Intelligence experience

Preferred Qualifications

  • Understanding of the threat landscape and latest attack techniques

  • Ability to design and perform attack scenarios to evaluate product efficacy

  • Understanding of exploits and attacks against Windows, Linux and macOS systems

  • Understanding defensive capabilities and how attackers bypass them

  • Previous Incident Response or Penetration Testing experience

  • Experience creating and/or developing analysis environments

  • Experience with Endpoint Security products (EDR, etc)

  • Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plans.

  • Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats

  • Strong written and verbal communication skills with an ability to communicate complex concepts to technical and non-technical audiences

  • Certifications such as SANS GIAC certifications (GCIH, GPEN, GSEC, etc.) or OSCP/OSCE

This job may require the candidate to travel and/or work from a facility that requires full vaccination prior to entry.

Category: Engineering and Technology

Subcategory: Software Engineering

Experience: Manager and Professional

Full Time/Part Time: Full Time

Posted Date: 2022-04-01

VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.

Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.