Job Title:
Staff Security Researcher - EDR
About Trellix:
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s comprehensive, open and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.
Role Overview:
We are looking for a highly skilled and experienced Staff EDR Security Researcher to join our team. As a key member of our research team, you will focus on evaluating and enhancing our EDR product's detection capabilities, addressing detection gaps, and developing sophisticated detection models. You will work on complex projects and play a critical role in advancing our detection technologies.
About the role:
- Lead efforts to reverse engineer sophisticated malware, identifying malicious code, obfuscation techniques, and communication protocols.
- Author advanced detection rules for behavior-based detection engines.
- Conduct comprehensive research on attacker campaigns and techniques to support detection investments and enhance customer experience.
- Develop and optimize generic threat detections based on static and dynamic detection engines.
- Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework.
- Perform advanced proactive and reactive threat hunting to identify detection issues such as misses or misclassifications from large-scale datasets.
- Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives).
- Collaborate with cross-functional teams to drive exceptional customer experiences and ensure comprehensive protection.
- Develop advanced alerting, reporting, and automated detection solutions.
- Stay abreast of the latest cybersecurity threats, attack techniques, and industry developments.
- Build and maintain tools and automation to improve productivity and detection efficacy.
- Utilize machine learning techniques to enhance threat detection and response capabilities.
About you:
- 7+ years of experience writing detections using Snort, Yara, Sandbox, or proprietary detection engines.
- 5+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools.
- 5+ years of experience querying and analyzing (for malware/TTPs) large datasets.
- Strong experience in programming or scripting languages (e.g., Python, PowerShell).
- Extensive expertise in utilizing various malware analysis tools and frameworks (e.g., IDA Pro).
- Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS.
- Demonstrated leadership in driving complex projects and initiatives.
- Proven ability to mentor and develop junior researchers.
- Experience with applying machine learning techniques to cybersecurity problems.
- Excellent verbal and written communication skills in English.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.