In this role you will be responsible for supporting threat intelligence analysts by creating tools and software that enable the identification and tracking of sophisticated adversaries.
- Work with analysts to identify gaps and opportunities for efficiencies in their data and workflows
- Provide feedback to the PMs responsible for long-term planning of tool development
- Define, develop, and implement tooling and techniques to both discover and track adversaries of today and identify the attacks of tomorrow.
- Develop software to support triage and analysis of datasets and information associated with APT activity and behavior as well as APT artifact analysis.
- Build tooling to decode data so that analysts can understand and mitigate a threat
- Partner with other groups to better enable security analysis scenarios
- 5+ years of professional software development lifecycle experience in C#, C++, and/or Python
- 5+ years working with products and services to improve security for customers
- 2+ years working with big data technologies (Cosmos, Hadoop, Azure Data Lake, etc.)
- Experience with development involving extraction/manipulation/summarization of security logs and feeds
- 2+ years of experience correlating across very large and diverse datasets (ADE, Azure Data Lake, etc.)
- 2+ years working with SQL-based databases
- Experience working closely with threat intelligence analysts to understand their workflow and analytics
- Applied knowledge of adversary phases of operation, particularly how to work across the phases in order to uncover new intelligence
- Knowledge of the critical elements and common data types used in threat intelligence analysis, including:
- malware used in targeted adversary campaigns
- host and log forensics
- network forensics
- Experience supporting incident response