Senior Threat Researcher II
Sumo Logic
Job Summary
Sumo Logic Threat Labs is seeking a Senior Threat Researcher II to join their team of security experts. This role involves developing and applying cyber threat intelligence, technology, hunting, and tradecraft to create threat detections for Sumo Logic Cloud SIEM customers. The researcher will explore and exploit various cloud technologies to build, test, and push the envelope on research-driven detections, defending multiple organizations and technologies.
Perks & Benefits
- Bonus or commission plans
- Benefits offerings
Job Description
Sumo Logic Threat Labs is a team of security experts responsible for developing and applying cyber threat intelligence, technology, hunting, and tradecraft to research and develop threat detections for Sumo Logic Cloud SIEM customers. Threat Labs is by design a fast-paced, demanding, and mission-focused team. Sumo Logic is in search of an experienced and visionary Manager for Threat Labs.
Threat Labs is looking for a senior-level threat researcher to join us in defending multiple organizations and technologies by researching and creating detection content for Sumo Logic. This individual must love data (logs) and understand the role a modern SIEM plays in organizations today; additionally, they must understand the importance of applying practitioner experience to help customers do the job they need to do with a SIEM. Threat Labs research includes exploration and exploitation of various cloud technologies to create high-quality, practical detections. We're looking for someone who can build out, test, and help us push the envelope on research-driven detections.
Responsibilities
- Research, develop, and test detection rules within lab infrastructure
- Work with product management to identify focus of research and development campaigns
- Maintain and expand threat research lab infrastructure
- Provide practitioner feedback to engineering and product management regarding features and roadmap
- Research industry trends for detection opportunities
- Contribute to the community through blogs, conference talks, open source projects, etc.
- Align with Threat Detection Engineering on content development efforts and deployment
Requirements
- 8+ years of cybersecurity experience
- Ideally a combination of the following:
  - Senior/Principal SOC Analyst
  - Purple Team and/or hunting
  - Incident response
- Experience sourcing threat detections from research to deployment
- Knowledgeable of multiple technology stacks and willingness to learn new technologies
- Experience working in at least one public cloud (AWS, Azure, GCP)
- Experience analyzing cloud infrastructure log telemetry
- Contributions to cybersecurity blogs or LinkedIn posts, and conference talks
Desirable
- Experience in customer facing technical role (consulting, IT help desk/remote support)
- Offensive cybersecurity tool experience (Atomic Red Team, Sliver, Cobalt Strike, etc.)
- Scripting experience (Python, PowerShell, etc.)
- Experience with Security Orchestration, Automation, and Response (SOAR) technology
- Established social media presence in the cybersecurity industry/community (Twitter and the like)
- Experience working within the cybersecurity vendor industry, with an understanding of product management and providing feedback into the process