Security Researcher

Sorry, this job was removed at 11:01 a.m. (PST) on Wednesday, October 10, 2018

As a Security Researcher at DomainTools you will capture and investigate cyber attacks. This includes analyzing infection vectors like phishing & malware, attack origins and actors, and associated weaponized or utilized internet resources. Your work will improve our ability to predict malicious domains, provide context to investigations, and contribute primary research delivered to our customers and marketplace.

Minimum Qualifications

  • 5+ years in Threat Intelligence, Incident Response, or similar position
  • Experience using OSINT to investigate attacks and threats. You should be able to use OSINT to characterize a threat and enumerate attacker infrastructure.
  • Knowledge of the cyber security concerns facing large enterprises and government agencies. 
  • Security-relevant context with standard protocols: TCP/IP, HTTP, DNS 
  • Experience with malicious binary analysis: be able to examine malware, capture its behavior, and identify patterns to place it into malware families.
  • Technical expertise in network defense technologies, the cyber kill chain, forensic tools, threat intelligence, and active defense technologies. 
  • Hands-on experience with system investigation tools like Wireshark, tcpdump, Bro, Metasploit, Nessus/OpenVAS, Scapy, etc.
  • Understanding of vulnerabilities, exploits, and the latest attack vectors. 
  • Ability and desire to work across Technology, R&D, Product and Marketing teams. This is not meant to be a siloed research-only position.
  • Must be authorized to work in the United States.

Preferred Qualifications

  • Incident response experience in which you routinely perform in-depth forensics analysis against OSINT, network data, system data, and log data. 
  • Experience setting up secure malware collection environments
  • Experience with network, content, and application security technologies 
  • Ability to synthesize technical information and document it in an engaging manner through graphical and verbal depictions. 
  • A network of professional colleagues in the cyber security community.
  • Experience applying machine learning in the Cyber Security context.

Duties

  • Identify new threat TTPs and signatures used by cyber threat actors and develop primary research based on that information. Track emerging attacker methodologies. Describe threat actors or actor groups. 
  • Analyze malware and attacker tools to assess their functionality, origin and purpose. 
  • Support the DomainTools content marketing and PR efforts with real-time analysis of breaches and attack vectors. 
  • Contribute to infosec community through papers, blogs, and presentations. 
  • Collect open source information for aggregation into our threat intelligence repository. 
  • Train other company staff on research techniques such as malware reverse engineering, exploit kit analysis, attack infrastructure mapping, etc.
  • This position is located in our Seattle office. There will be occasional travel to conferences.

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.



Location

Belltown is described as top-notch noshing meets artsy vibes adjacent to downtown, with great access to bus terminals. (We're 100% remote right now.)
