Senior Security Researcher

Sorry, this job was removed at 11:20 a.m. (PST) on Wednesday, March 6, 2019

Job Description
As a Senior Security Researcher at DomainTools you will capture and investigate cyber attacks, including analyzing malware and payloads, attack origins and actors, and associated weaponized or utilized internet resources. Your work will inform R&D and product roadmap decisions, improve the overall security DNA at the company, and contribute to primary research delivered to our customers and marketplace.

Minimum Qualifications

  • Expert knowledge of current cybercriminal and APT groups, along with their TTPs, motivations, and targets.
  • Experience with sharing threat research and investigations with the public and customers, including presentations, blog posts, webinars, etc.
  • Experience investigating threats, using OSINT to investigate the attacker's infrastructure, identify TTPs and campaigns, and determine likely targets.
  • Expert knowledge of the cyber security concerns facing large enterprises and government agencies. 
  • Security-relevant context with standard protocols: TCP/IP, HTTP, DNS.
  • Experience with malicious code analysis: be able to examine malware, capture its behavior, and identify patterns to place it into malware families.
  • Technical expertise in network defense technologies, the cyber kill chain, forensic tools, threat intelligence, and active defense technologies. 
  • Hands-on experience with system investigation tools like Wireshark, tcpdump, Bro, Metasploit, Nessus/OpenVAS, Scapy, etc.
  • Deep understanding of vulnerabilities, exploits, and the latest attack vectors. 
  • Ability and desire to work across Technology, R&D, Product and Marketing teams. This is not meant to be a siloed research-only position.
  • Must be authorized to work in the United States.

Preferred Qualifications

  • Incident response experience in which you routinely perform in-depth forensics analysis against OSINT, network data, system data, and log data. 
  • Experience setting up secure malware collection environments. 
  • Experience with network, content, and application security technologies.
  • Ability to synthesize technical information and document it in an engaging manner through graphical and verbal depictions.
  • Excellent writing and presentation skills.
  • An extensive network of professional colleagues in the cyber security community.

Duties

  • Identify new threat TTPs and signatures used by cyber threat actors and develop primary research based on that information. Track emerging attacker methodologies. Describe threat actors or actor groups. 
  • Analyze malware and attacker tools to assess their functionality, origin and purpose. 
  • Maintain up-to-date awareness of computer network exploitation and attack tools and tradecraft, threats and vulnerabilities, and respective countermeasures. 
  • Support the DomainTools content marketing and PR efforts with timely analysis of breaches and attack vectors. 
  • Contribute to the infosec community through papers, blogs, and presentations.
  • Collect open source information for aggregation into our intelligence repository. 
  • Train other company staff on research techniques such as malware reverse engineering, exploit kit analysis, attack infrastructure mapping, etc.
  • This position may be remote or based in our Seattle office. If remote, we will require travel to the Seattle office 1 week out of every 8 weeks.

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.


Location

Belltown is described as top-notch noshing meets artsy vibes adjacent to downtown, with great access to bus terminals. (We're 100% remote right now.)
