
Threat Researcher
2 weeks ago
About The Team
The Arctic Wolf Threat Content Team is the owner and intellectual author of the telemetry and detection rules of our Aurora Focus (EDR) product, part of Aurora Endpoint Defense. Our team started 3 years ago at BlackBerry Cylance. Since then we have developed internal tools to streamline daily tasks, defined work standards for content creation (detection/telemetry rules), and built high-fidelity content (fine-tuning processes, reducing false positives). We have quality assurance processes (unit, regression and end-to-end testing) and communication channels with Threat Intel and S2. We work with the MDR, TRI, AR and CTI teams to stay ahead of the latest findings and continually protect our clients. We actively participate in purple teaming exercises and maintain two MITRE accreditations (Enterprise 2023 - Turla; Managed Services 2024 - MenuPass + BlackCat) as EDR Blue Teamers.
We are always on the lookout for new attacks, 0-days, TTP updates, and threat intelligence to keep our clients protected.
About The Role And Responsibilities
Analyze, research, and develop new content for Aurora Focus, applying the MITRE ATT&CK framework.
Convert investigations from Threat Teams (TRI/AR/CTI) into new content (detection/telemetry rules).
Customer Escalation (BFD): collaborate with S2 on investigations regarding emerging threats to generate new detection rules.
Fine-tuning: determine true threats vs. false positives and provide solutions (exclusions, logic changes, or reducing severity).
Python scripting to automate internal tools or projects.
Manage multiple tasks simultaneously; coordinate and meet scheduled goals.
Maintain up-to-date documentation for new tools or processes.
Run regression and end-to-end testing; push production releases and notification emails.
Participate in Purple Teaming exercises.
Generate metrics on a Databricks dashboard.
Deliver regular threat briefing presentations to internal and external stakeholders on threat actor activity, novel TTPs, and emerging malware or exploits.
Utilize best practices for threat research and documentation and deliver high-quality detection rules.
About You
Relevant experience in threat intelligence or threat research roles.
Experience applying the MITRE ATT&CK framework to intelligence products and depth of analysis for each TTP and threat actor.
Experience analyzing application and infrastructure telemetry (logs, network flow, audit logs, metrics, core dumps).
Experience analyzing phishing and malware campaigns, exploited vulnerabilities, supply chain attacks, and data breaches.
Understanding of threat protection/detection tooling: SIEM, XDR/EDR.
Experience with Python scripting. Understanding of JSON and regex.
Linux and macOS terminal usage; basic .sh/.bat scripting; Windows Sysinternals.
Experience using Git repositories and virtual machines (VMware).
SQL knowledge; Databricks is a plus. Knowledge of LOLBins/LOLBAS and Sigma rules.
Excellent written and verbal communication skills; resourceful self-starter with a positive, can-do attitude.
Nice To Have
Experience with Agile methodology.
Experience using Elastic Stack (Elasticsearch, Kibana) or Grafana.
Presented on cybersecurity or threat intelligence at industry conferences or meetups.
Participation in ISACs, trust groups, or intelligence partnerships.
CISSP, OSCP, GCTI or other relevant certifications are a plus.
Interview Process
Phone pre-screening: brief discussion of work history and overview of Arctic Wolf. Approximately 30 minutes.
Technical assessment: threat intelligence assessment to demonstrate strategic thinking, analytical skills, and technical understanding of TTPs, malware, vulnerabilities, and exploits.
Face-to-face interviews: discussions with several team members; discuss the technical assessment, collaborate on a technical problem, and review past projects and career goals. Approximately 1 hour per interview.
Security Requirements
Work in accordance with AW’s Information Security policies, standards, processes, and controls to protect information assets.
Must pass a criminal background check and employment verification as a condition of employment.
Seniority level
Entry level
Employment type
Full-time
Job function
Information Technology
Industries
Computer and Network Security