Netwitness Sr Principal Research Scientist

NetWitness is the leader in network threat detection and response for hybrid and multi-cloud enterprises.
The NetWitness Platform XDR delivers complete visibility combined with applied threat intelligence and user behavior analytics to detect threats, prioritize activities, investigate, and automate response. All this empowers security analysts with better, faster efficiency to keep security operations well ahead of business-impacting threats. The NetWitness Platform captures packets and logs across network, public cloud, SaaS, and identity by applying patented security-led technology that enables the user to surface and prioritize threats for rapid threat response. NetWitness’s threat detections are powered by a deep understanding of attacker methods, the threat landscape, and data & meta-data generated by the platform. Alerts uncover attacker methods in action and are correlated across customer environments to expose real attacks. Organizations around the world rely on NetWitness to see and stop threats before a breach occurs. For more information, visit www.netwitness.com
Sr. Threat Researcher
Position Overview
NetWitness FirstWatch Security Research Team represents the core security knowledge and research capability within the company – tasked with powering our leading-edge technologies and aiding customers. As a member of the NetWitness FirstWatch Security Research team, you will be part of a highly experienced organization and respected authority on security threats and attack techniques.
Serving in the role of Sr. Threat Researcher, you will have a direct impact on the direction of the company by researching threats, understanding how they appear on the network and in the cloud, helping technically shape the product direction. Some of the specific responsibilities include:
• Perform leading edge security research for network-based threats – systems analysis, APT threat modeling, tools assessment, network/protocol analysis, etc.
• Working with our Security Content colleagues, to develop detection capabilities (e.g., parsers, rules, reports, dashboards, feeds etc.)
• Working directly with our Data Science colleagues, develop detection capabilities (e.g., which will be incorporated into the product
• Participate in on-going efficacy testing of our detection capabilities, producing gap analyses, attack samples, remediation recommendations, and document findings for broad use across the company
• Writing and publication of blogs and white-papers
• Public speaking opportunities
 
NetWitness offers the opportunity to be on the leading edge of cyber security – helping us grow a world-renowned security research organization. As the researcher tasked with inventing and improving security detection technologies, you will be an integral part of our success.
When not working on new detection technologies, as a security researcher, you are expected to research new security topics, engage in bug-hunts, develop new tactics and techniques relevant to our product areas, and contribute to the community in a way that helps grow both your personal and company brands.
What You Will Do [Responsibilities]
• Research and understand attacker TTPs to remain current as a subject matter expert within NetWitness
• Research new threat detection technologies and investigate innovative approaches to finding attackers operating within customer environments
• Collaborate across NetWitness to identify, research, and develop new detection models – working hand-in-hand with members of data science, consulting services, incident response, and other product teams
• Replicate attacker techniques and tooling to produce samples for use during detection development and for detection validation and gap identification
• Pursue security research topics that contribute to the knowledge and enumeration of new threats, tactics, and techniques in network, cloud, and hybrid environments
• Provide an attackers-eye-view to the evidence presented by NetWitness products and educate customers to the technical nature of the threat
What Will You Need [Requirements]
• 10 -15 + years of offensive security (attack operations, zero knowledge penetration & red teaming) experience
• 10 -15 + years direct experience in areas of security research, malware analysis & reverse engineering, or incident response
• Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation methodology & technology
• Network experience:
o Solid, deep knowledgeable in network and application protocols, and traffic analysis (network forensics)
o Proficiency with network traffic analysis and network forensics tools such as Wireshark and tcpdump among others
o Proficiency with host forensics and memory analysis tools to study advanced threat actor activities
o Strong knowledge of networking and network application concepts: TCP/IP, UDP, HTTP, TLS, FTP, RPC, DNS, SMB, Kerberos, etc.
• Deep understanding of the Internet threat landscape and adversaries operating within it
• Solid knowledge and understanding of the MITRE ATT&CK Framework, the Lockheed Martin Killchain, the Pyramid of Pain, and the Diamond and Mosaic models
• Familiarity and fluency in NetWitness full packet capture capability (or comparable platform) a plus
• Deep knowledge of packet capture / trace analysis
• Fluency in applied data science and analytics in threat research and intelligence driven teams and ecosystems
• Strong problem solving, troubleshooting and analysis skills
• Excellent written and verbal communication skills
• Excellent inter-personal and teamwork skills
• Solid programming skills with scripting languages such as Python a plus
• Proactive, hard-working team player with a good sense of humor
• Self-driven, able to efficiently work remotely without close supervision
• Attack simulation experience:
o Knowledge of the Tools, Techniques, Procedures (TTPs) and patterns of behavior of advanced threat actors
o Proficiency with common attacker and red team tools and frameworks: Cobalt Strike, Metasploit, Empire, Mimikatz, impacket, CrackMapExec, etc.
o Ability to realistically recreate advanced threat actor TTPs within controlled environments

What Will Help You
• Professional or academic research in advanced security threats
• Operational experience in infosec as an incident handler/responder, red teamer, administrator, or internal consultant
• Experience with big data technologies
• Participation in the broader infosec community with requisite contacts and access to external intelligence sources
• Understanding the lifecycle and economics of modern malware and advanced threats

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, protected veteran status, genetic information, or any other characteristic protected by federal, state or local laws. RSA will not tolerate discrimination or harassment based on any of these characteristics. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. All RSA employees are expected to support this policy and contribute to an environment of equal opportunity.

If you need a reasonable accommodation during the application process, please contact rsa.global.talent.acquisition@rsa.com. All employees must be legally authorized to work in the US. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.