Job description
Role Overview:
We're looking for an Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threats: spam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. You'll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities.
Key Responsibilities:
Threat Analysis & Hunting:
- Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud.
- Perform root-cause analysis on incidents and produce actionable intelligence.
Rule Development & Tuning:
- Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin.
- Optimize rule performance to minimize false positives/negatives.
Automation & Tooling:
- Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting.
- Integrate detection engines into SIEM and SOAR platforms.
Collaboration & Reporting:
- Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic.
- Communicate findings and recommendations through clear technical reports and dashboards.
Continuous Improvement:
- Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass).
- Contribute to threat-intel feeds and internal knowledge bases.
Basic Qualifications:
Experience: 5-8 years total, with 3-5 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation.
Tools & Technologies:
- Rule engines: Snort, YARA, ClamAV, SpamAssassin
- Scripting: Python (experience with email libraries such as imaplib, email, etc.)
- Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage)
- Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis.
- Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators.
- Communication: Clear written and verbal skills to document findings for technical and non-technical audiences.
Preferred Qualifications:
- Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering).
- Global SOC Environment: Prior work in a 24/7 Security Operations Center supporting multi-region email volumes.
- Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines.
- Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.