Senior Cloud Security Researcher

What You'll Do

• Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces
• Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions. Work with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale.
• Conduct open and closed source research to associate suspicious activity with known threats and to communicate threats of concern to our customers. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more.
• Process and analyze patterns and trends in detections and write actionable intelligence products  to track TTPs, detection coverage, and remediation strategies.
• Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base.
• Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
• Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration.
• Respond to customer questions about threats to help them understand their threat model, what matters to their organization, and what actions they can take in response to various threats.
• Validate Red Canary’s detection coverage against the continuously evolving threat landscape and identify unique or emerging threats to build detection coverage for.
• Mentor team members and contribute to the development of intelligence analysis expertise. Suggest new methods, processes, and products that the team could adopt to help us achieve our mission and improve our workflows.

What You'll Bring

• Experience with, or a drive to research, cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces, and cloud attack techniques or cloud-based threat groups.
• Proficiency in analytical problem-solving, quick learning of tools, and familiarity with query languages and data platforms like SQL, Splunk, Elasticsearch, Synapse Storm, or others.
• Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information.
• Experience in open-source threat research, including social media, blog posts, and malware sandboxes.
• Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting..Familiarity with the mechanics of attack behaviors and MITRE ATT&CK ®.
• Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters.
• Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike.
• Experience in Intelligence,  Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles
• Curiosity and adaptability to dive into data, tackle new challenges, and thrive in a fast-paced environment.