Security Researcher & Analyst - Email Threats

Available locations: Lisbon, Portugal Overview
Our research an analyst team will be focused on email threats that are directed at customers protected by the Cloudflare Email Security products. New email threats are constantly emerging as phishing remains the number one source of breaches. Evaluating new threats and the efficacy of our email detections will be part of the day-to-day in this role. This will involve how to stop new and novel techniques by threat actors and ensuring our detections are targeted and highly effective.
As part of the larger Intel team the role will work to develop new AI and machine learning models to scale the system defenses as well as scale our ability to evaluate customer detection feedback.
Key Responsibilities

• Experience with email analysis
• Ability to understand the latest security trends as they relate to email-borne threats
• Submit IOCs to data pipeline based on external reports
• Define automations and software requirements for support tooling
• Define processes and procedures to create 24x7 coverage of miscategorizations
• Continually evaluate the quality of threat data feeds, work to maximize value from them, evaluate new potential sources of data
• Research observed IoCs and network behavior patterns and label data
• Work with data scientists to identify security threats and create machine learning models
• Be a team SME and resource for data scientists building security models and application developers building security products
• Become a subject matter expert for email threats and categorization data
• Define and implement metrics for product efficacy
  • Research and plan potential software, data science or machine learning projects to improve false positive and false negative rates
  • Continually monitor data quality and bring data quality issues and proposed solutions to team leadership
• Write blog posts and communicate both internally and externally about Intel Team's work
• Execute daily operational tasks and define automations to streamline operational tasks
• Work with team to define technical requirements for security products
  • Research threats, exploits, and TTPs being defended against in products and work with engineers to create products that defend against them

Required Skills & Abilities

• Experience analyzing, tracking and defending against phishing attacks
• Familiarity with regular expressions and their practical application in tracking malicious activity
• Working knowledge of SQL and devising SQL queries
• Experience with detection development using YARA
• Working knowledge of email authentication protocols (SPF, DMARC, DKIM), and experience in email header analysis
• Able to use git to create, edit, and review pull requests
• Basic front-end or full-stack development skills preferred but not required
• Knowledge of and passion for cybersecurity
• Knowledge of cyber security industry terms and concepts
  • e.g. MITRE ATT&CK Framework, Lockheed Killchain
  • Ability to learn about security threats and map them to the MITRE ATT&CK framework and Lockheed Killchain
• Strong knowledge of networking and "how the Internet works"
  • DNS, HTTP, TCP/IP, TLS, public key encryption
• Ability to communicate to stakeholders and management when priorities change