Security Researcher – EDR
ID: JR0034151
Job Title:
Security Researcher – EDR
About Trellix:
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s comprehensive, open and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.
Role Overview:
We are looking for a skilled EDR Security Researcher. Your primary responsibility will be to evaluate and improve our EDR product’s detection capabilities by identifying detection coverage gaps and developing signatures to address these gaps effectively.
About the role:
- Reverse engineer malware to identify malicious code, obfuscation techniques, and communication protocols.
- Author detection rules for behavior-based detection engines.
- Conduct deep research on attacker campaigns and techniques to support detection investments and improve customer experience.
- Write generic threat detections based on static and dynamic detection engines.
- Demonstrate a strong understanding of cybersecurity threats, attack techniques, and the MITRE ATT&CK framework.
- Conduct proactive and reactive threat hunting and identify detection issues such as misses or misclassifications from a large-scale dataset.
- Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives).
- Engage and collaborate with diverse partner teams to drive great customer experiences and ensure holistic protection.
- Develop alerting, reporting, and automated detection solutions.
- Build tools and automation to improve productivity.
About you:
- 3+ years of experience writing detection using Snort, Yara, Sandbox, or proprietary detection engines.
- 2+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools.
- 2+ years of experience querying and analyzing (for malware/TTPs) large datasets.
- Experience in programming or scripting languages (e.g., Python, PowerShell).
- Experience in utilizing various malware analysis tools and frameworks (e.g., IDA Pro).
- Experience performing detection engineering across multiple operating systems, including Windows, Linux, and macOS.
- Excellent verbal and written communication skills in English.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.