Phishing Threat Researcher

Description

Phishing Threat Researcher

The Company: Varonis (Nasdaq: VRNS) is a leader in data security, fighting a different battle than conventional cybersecurity companies. Our cloud-native Data Security Platform continuously discovers and classifies critical data, removes exposures, and detects advanced threats with AI-powered automation.

Thousands of organizations worldwide trust Varonis to defend their data wherever it lives — across SaaS, IaaS, and hybrid cloud environments. Customers use Varonis to automate a wide range of security outcomes, including data security posture management (DSPM), data classification, data access governance (DAG), data detection and response (DDR), data loss prevention (DLP), and insider risk management.

Varonis protects data first, not last. Learn more at www.varonis.com.

The Role: We are seeking a Phishing Threat Researcher. This role focuses on investigating phishing campaigns, validating FNs & FPs, and supporting our data science teams in dataset generation and labeling. The ideal candidate should be hands-on, analytical, and capable of bridging the gap between threat intel and ML engineering.

The Requirements:

• 5+ years of experience in threat research, ideally in cybersecurity, fraud, or related risk-focused domains
• Strong understanding of email phishing tactics (BEC, Social Engineering and Phishing Links), SMTP, URL analysis, and brand impersonation techniques.
• Experience analyzing phishing emails and web payloads (screenshots, HTML, redirections, credential harvesting flows).
• Comfort with Linux, shell scripting, and CLI-based investigation workflows.
• Proficiency in Python for scripting and quick data analysis.
• Familiarity with email header analysis (SPF, DKIM, DMARC etc.).
• Exposure to machine learning ecosystems and terminology—enough to communicate intelligently with ML engineers and understand model behavior.
• Excellent written communication skills for generating threat reports and explaining complex technical findings to internal and external stakeholders.
• Familiarity with YARA rules, regular expressions, and detection logic.

Nice to Have:

• Experience working in a SOC, handling abuse inboxes, or threat hunting workflows.
• Past contributions to threat intelligence or reverse-engineering phishing kits.

The Responsibilities:

• Investigate complex phishing incidents seen in a customer environment or discovered in the wild
• Analyze phishing samples and produce detailed reports on attack vectors, payloads, and social engineering techniques.
• Collaborate with the Data Science team by labeling phishing samples, evaluating model outputs, and suggesting edge cases for improvement.
• Monitor emerging phishing trends and build internal datasets and synthetic test

scenarios using GenAI

• Create documentation and playbooks to enable repeatable, high-quality analysis and triage.

We invite you to check out our Instagram Page to gain further insight into the Varonis culture!

@VaronisLife

Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics