Job Title:

Senior Security Researcher - EDR

About Trellix:

Trellix is the cybersecurity company transforming security operations with artificial intelligence (AI), analytics, and automation to create a resilient digital world. Our market-leading AI-powered XDR Platform learns and adapts to disrupt active threats and empower CISOs with living security. The platform’s open architecture and broadest set of native security controls across endpoint, email, network, cloud, and data security integrates with over 500 third-party tools to create multi-vector, multi-vendor event correlation and context to speed up investigations. The Trellix Advanced Research Center provides an additional layer of protection by continuously informing the platform on the latest threat actor TTPs (techniques, tactics, and procedures) and recommendations from millions of global sensors. Trellix and an extensive partner ecosystem accelerate technology innovation and empower over 40,000 business and government customers to build confidence in the protection and resilience of their operations. Learn more at Trellix.com.

Role Overview:

We are looking for an experienced Senior EDR Security Researcher. The primary responsibility of this role is to lead efforts in evaluating and enhancing our EDR product's detection capabilities. This includes detecting real attacks and APTs, identifying detection coverage gaps, developing advanced signatures, and leading complex research projects.

About the role :

• Reverse engineer complex malware to identify malicious code, obfuscation techniques, and communication protocols.

• Author advanced detection rules for behavior-based detection engines.

• Conduct in-depth research on sophisticated attacker campaigns and techniques to support detection investments and improve customer experience.

• Develop and optimize generic threat detections based on static and dynamic detection engines.

• Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework.

• Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset.

• Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives).

• Collaborate with diverse partner teams to drive exceptional customer experiences and ensure comprehensive protection.

• Develop advanced alerting, reporting, and automated detection solutions.

• Build and maintain tools and automation to improve productivity and detection efficacy.

• Leverage machine learning techniques to enhance threat detection and response capabilities.

About you :

• 5+ years of experience writing detection using Snort, Yara, Sandbox, or proprietary detection engines.

• 3+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools.

• 3+ years of experience querying and analyzing (for malware/TTPs) large datasets.

• Proficiency in programming or scripting languages (e.g., Python, PowerShell).

• Expertise in utilizing various malware analysis tools and frameworks (e.g., IDA Pro).

• Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS.

• Experience with applying machine learning techniques to cybersecurity problems.

• Excellent verbal and written communication skills in English.

Company Benefits and Perks:

We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Retirement Plans
• Medical, Dental and Vision Coverage
• Paid Time Off
• Paid Parental Leave
• Support for Community Involvement

We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.