Senior Security Researcher

1 Month ago • 3-8 Years

Job Summary

Job Description

As a Senior Security Researcher at Trellix, you will be focusing on identifying and mitigating advanced email-borne threats such as spam, Business Email Compromise (BEC), vishing, and impersonation campaigns. You will leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities. This role involves in-depth threat analysis, rule development, automation, collaboration with various teams and constant improvement to stay ahead of the evolving threat landscape.
Must have:
  • 3-5 years of experience in email security research or detection.
  • Proficiency in rule engines: Snort, YARA, ClamAV, SpamAssassin.
  • Expertise in Python and email-related libraries.
  • Familiarity with SMTP, MIME, DKIM, DMARC, SPF, email header analysis.
  • Strong analytical skills for uncovering malicious indicators.
Good to have:
  • Experience applying ML or statistical methods to email threat detection.
  • Prior work in a 24x7 Security Operations Center.
  • Familiarity with integrating threat intelligence feeds.
  • Experience with Terraform or CloudFormation.
Perks:
  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

Job Details

Job Title:

Senior Security Researcher

About Trellix:

Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions.
We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at https://www.trellix.com/.

Role Overview:

We’re looking for an Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threats—spam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. You’ll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities.

Key Responsibilities

  • Threat Analysis & Hunting:

    • Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud.

    • Perform root-cause analysis on incidents and produce actionable intelligence.

  • Rule Development & Tuning:

    • Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin.

    • Optimize rule performance to minimize false positives/negatives.

  • Automation & Tooling:

    • Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting.

    • Integrate detection engines into SIEM and SOAR platforms.

  • Collaboration & Reporting:

    • Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic.

    • Communicate findings and recommendations through clear technical reports and dashboards.

  • Continuous Improvement:

    • Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass).

    • Contribute to threat-intel feeds and internal knowledge bases.

Basic Qualifications

  • Experience: 5–8 years total, with 3–5 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation.

  • Tools & Technologies:

    • Rule engines: Snort, YARA, ClamAV, SpamAssassin

    • Scripting: Python (experience with email libraries—imaplib, email, etc.)

    • Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage)

  • Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis.

  • Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators.

  • Communication: Clear written and verbal skills to document findings for technical and non-technical audiences.

Preferred Qualifications

  • Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering).

  • Global SOC Environment: Prior work in a 24×7 Security Operations Center supporting multi-region email volumes.

  • Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines.

  • Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Retirement Plans

  • Medical, Dental and Vision Coverage

  • Paid Time Off

  • Paid Parental Leave

  • Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.


About The Company

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 53,000 business and government customers. More at https://trellix.com.
