Zscaler

Zscaler is looking for a highly technical staff security researcher with significant experience in threat detection engineering. This position needs to have a deep understanding of emerging threats, security technologies, a knack for problem-solving, and a creative approach to create innovative threat detection solutions. Analyze zscaler product telemetry and hunt for threats at scale through in-depth log analysis and malware behavior. The results will be used to develop innovative tools to automate further threat hunting, produce technical threat analytics reports, and publish research blogs. Responsibilities: Collaborate with threat-hunting operations and drive product innovation in threat detection. Drive positive threat hunting service outcomes through cross-functional collaboration with other functional teams, across threat hunting, data engineering etc. Perform threat modeling, design and build effective threat detection rules and models to help shorten the mean time to respond. Responsible for analyzing advanced threats & TTPs and creating effective detections allowing threat hunters to successfully find the needle from the haystack. Responsible for the development and design of signals which can automatically highlight emerging threats. Analyze malware and threat attacks for patterns and develop automated solutions for analysis, classification, and categorization of data for further automation. Create innovative security solutions and strategies to support threat alerting pipeline allowing Threat Hunters to quickly identify and remediate potential security threats. Work with global threat intelligence collectors to identify, contextualize, and instrument current and emerging cyber threats. Actively participate in the cyber security community, establishing relationships and knowledge sharing. Develop security-focused tools and services in support of intelligence, detection, and response.

Required 8+ years hands-on threat detection, threat research and threat hunting experience. Strong understanding of tools, tactics and procedures (TTPs) of threats actors (eCrime/APT). Experience in incident analysis and response using industry standard frameworks such as MITRE ATT&CK and the cyber kill chain. Experienced in security information and event management tools, such as Splunk, Elastic search. Experience with malware analysis - dynamic & static. Must be able to validate findings, perform root cause analysis, and deliver recommendations for fixes. Strong scripting and automation skills are must (Python preferable). Must have excellent reporting and analytical skills. Strong understanding of web protocols and web application security. Experience writing IDS/IPS, YARA signatures. Preferred: TTP based threat hunting In-depth log analysis and malware tracking and monitoring. Data mining experience with large security data sets such as IDS, IPS and firewall logs. Strong development background with experience in Python and Familiarity with SQL. Education: Bachelor’s or graduate degree from four-year college or university (preferably in Computer Science, Engineering, or a related discipline), or equivalent security industry work experience.