About the Role:
You’ll be working as a principal detection researcher within Threat & AI Engineering, reporting directly to the Director of Threat & AI Engineering. This individual will be responsible for providing multiple teams with technical direction to deliver high value, performant detections from our Detection Automation platform. They will provide technical guidance and direction to multiple teams of developers and detection researchers through the design, implementation, and automated/integration testing of detections within our software. This individual will have a clear history of successful contribution to professional detection development projects; they are driven, curious, and results oriented; they can manage competing priorities as they relate to improving existing our existing codebase of detections and constantly challenge the status quo.
Arctic Wolf Labs is the research-focused division at Arctic Wolf focused on advancing innovation in the field of security operations. The mission of Arctic Wolf Labs is to develop cutting-edge technology and tools that are designed to enhance the company’s core mission to end cyber risk, while also bringing comprehensive security intelligence to Arctic Wolf’s customer base and the security community-at-large. Leveraging the more than two trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for performing threat research on new and emerging adversaries, developing advanced threat detection models, and driving improvement in the speed, scale, and detection abilities of Arctic Wolf’s solution offerings. The Arctic Wolf Labs team comprises security and threat intelligence researchers, data scientists, security development engineers with deep domain knowledge in artificial intelligence (AI), security R&D, as well as advanced threat offensive and defensive methods and technologies. Security Research Services Development partners with these groups to understand requirements, design & implement scalable, fault-tolerant solutions, and build the next generation of security capabilities for Arctic Wolf.
AS A PRINCIPAL DETECTION RESEARCHER – DETECTION AUTOMATION YOU WILL
· Act as a mentor to R&D technical leaders.
· Apply broad expertise and knowledge in highly specialized fields or several related disciplines.
· Lead and contribute to the development of company objectives and principles to achieve goals in creative and effective ways. Produce specifications and determine operational feasibility.
· Work on significant and unique issues where analysis of situations or data requires an evaluation of intangibles.
· Apply conceptual thinking to understand advanced issues and implications.
· Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results.
· Accountable for results, which may impact the entire function.
· Create formal networks involving coordination among groups.
· Focus on providing thought leadership and work on broader organizational projects which require understanding of wider business, by conveying advanced information and persuading several diverse stakeholders/audiences.
· Recognized internally as a subject matter expert.
· May direct the work of others.
About You You are a highly advanced detection researcher who makes important product decisions regarding direction and scope. You make informed decisions about which team members should work on which areas of a project and provide technical and professional leadership for the developers as well as work closely with surface domain directors regarding strategic planning. You identify and collaborate with multiple teams or organizations and have a deep understanding of system internals, networking, and technical trends. In addition, you are comfortable presenting to the executive team.
Basic Qualifications
- 10 or more years of professional experience as a detection developer, reverse engineer, security researcher or CNO developer
- Experience with:
- Python
- OS Specific Telemetry (Windows Security/Sysmon logs, Linux, MacOS)
- Windows PowerShell Monitoring
- SIEM Detections
- EDR detections/signatures
- Suricata, Sigma and Yara Rules
- Development of anomaly and behavioral based detections
- Streaming and Batch-based Detections
- Tuning and optimization of detections for all the above
- Experience with leading and mentoring groups of developers while contributing code independently.
- Experience designing and building detection frameworks and processes
- Experience managing and measuring security efficacy of detections
- Experience managing and measuring cost efficiency of detection frameworks
- Experience establishing and driving best practices with Detections-as-Code
- Deep understanding of networking security principles and flows
- Has experience interacting with and author workflows, such as prompts or tools, for LLMs, in AWS Bedrock
- Experience leading Agile development teams, preferably with formal Agile training
- Nice to have: Understanding of the Arctic Wolf service delivery model
- Nice to have: Experience with the Arctic Wolf detection framework and infrastructure
- Nice to have: Commitment to continuous learning and skills development.
- Nice to have: B.Sc. in a technical field (CS, CE, EE, Math, Physics, etc with M.Sc./PhD preferred)
In addition, you have proven leadership experience from previous projects, regardless of title held. You have the ability to perform programming tasks and large engineering projects with independence and expertise. You will be responsible for guiding and mentoring other staff members and will regularly lead technical projects. You have a high level of mastery over software development best practices, security research and building reusable software based on that research. You have a history of delivering successful projects, as well as some lessons learned from failures.
Top Skills
What We Do
The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge, and yet despite this constant innovation we continue to see high profile breaches in the headlines. All organizations know they need better security, but the dizzying array of options leave resource-constrained IT and security leaders wondering how to proceed. At Arctic Wolf, our mission is to End Cyber Risk through effective security operations. To achieve this, we believe that organizations must do three key things: