The Role:

This highly technical role has a direct and real-time impact protecting Proofpoint customers. As a Security Research Engineer Intern on Proofpoint’s Threat Research team, you’ll be part of an amazing, collaborative, industry-leading team focused on tracking threat actors, malware, phishing, and other threats to develop static and dynamic (behavioral) signatures that detect and prevent threats on a massive scale. If you enjoy keeping abreast of and analyzing attacker techniques, malware and phishing campaigns, and using that knowledge to counteract those threats on a broad scale, then this is the role for you. This role has an absolute and direct impact on the efficacy of Proofpoint products, the quality of Proofpoint’s intelligence, and the protection of Proofpoint customers. 

Interns on the Threat Research team will work directly on authoring threat detection signatures with the guidance of a mentor on the team. As an intern, you will choose a research project to develop and make a presentation on your project by the end of the Summer. Because all team members work remotely, interns also need to have the ability to work effectively without an office and be comfortable with using online meeting technology and chat to communicate effectively with their mentor, other interns, and the team.  

It is important that interns already be very familiar with how threat actors use malware and phishing threats, and specifically how they attempt to evade security detection when delivering these threats over email. Experience analyzing malware, analyzing obfuscated JavaScript on phishing pages or malware delivery websites, and any Cybersecurity Capture-the-Flag Team or CCDC Team experience is helpful. 

Your day-to-day:

• Stay abreast of a constantly evolving threat landscape 

• Understand the latest tactics, techniques, and procedures used by threat actors to bypass detection environments 

• Analyze phishing websites, threat detection evasion techniques, malware behavior to craft effective detection rules using static pattern matching and behavioral (sandbox) systems 

• As needed, assist with reverse engineering malware executable files for Windows 

• Apply critical thinking skills to identify the most efficient and effective way to mitigate the analyzed threat 

• Work with researchers to address detection issues and quickly correct any false positive issues with existing detection rules 

• Work effectively as part of a remote team using chat, video chat and conference calls 

• Work with engineering teams, defining requirements, for continuous improvement of critical detection capabilities 

What you bring to the team:

• A passion for threat research  

• Ability to write code in Python, or some Python experience with a desire to learn 

• Experience writing malware behavior signatures in Python is a plus 

• Some experience analyzing malware using a debugger, and willingness to learn is a plus 

• Experience with statically reverse engineering malware using IDA Pro, Ghidra, Binary Ninja, or other reverse engineering tools is desired, although being an expert is not required 

• Ability to accurately interpret the forensic output of dynamic analysis (sandbox) environments 

• Experience in working with malware sandboxes (for example: Cuckoo, Joe Sandbox, Any Run, Triage, etc.) 

• Willing and able to work independently and collaboratively as part of a distributed team of industry-leading security researchers 

• Ability to perform the above in a fully remote work environment 

Candidate Profile: 

You have the ability and interest in working full-time (a maximum of 38 hours/week) this summer and part-time (a maximum of 20 hours/week) for 9 months afterward. You are currently pursuing an undergraduate degree with a strong academic record. This internship is scheduled to begin in Summer 2025 and continue through 2026 (1-year program).