Senior CyberSecurity Analyst focusing on identifying and responding to email borne threats at Proofpoint. Collaborating with a global team to develop detection signatures against phishing, malware, and spam attacks.
Responsibilities
Member of a creative, enthusiastic, and geographically distributed team (in a 24/7/365 "follow the sun" model) that is responsible for identifying, parameterizing, and responding quickly to spam attacks levied against some of the world's largest organizations.
Analyze data and logs, searching for specific patterns to identify email account takeover, suspicious IPs, IP ranges, sending domains, and similar indicators
Find suspicious behavioral patterns and identify and fix false negatives and false positives (FNs/FPs)
Analyze email messages reported by customers as well as work on large data sets in order to determine correct classification (spam, phishing, malware, BEC (Advanced Email Fraud), bulk, ham).
Some content development.
Perform deep analyses of spam message headers & structures to identify novel spam features, and design various rules/signatures to detect those features and block email borne threats
Ad-hoc development of tools as necessary to aid/streamline analysis activities is a plus
As an email cybersecurity analyst with coding experience and skills, you will have the opportunity to design and develop new proof-of-concept (PoC) threat detection systems based on your expertise, or to learn how to add this skill to your toolset.
Developing and maintaining Python applications/tools, writing clean and efficient code, debugging and troubleshooting issues, collaborating with cross-functional teams, and participating in code reviews is a plus
Knowledge of database systems is a plus
Be available on a rotating on-call basis to develop signatures that detect and block emerging or ongoing threats
Help us define the landscape, prevalence, and evolution of messaging abuse, threats, and attacks by participating in future requirements definition discussions of our products.
Requirements
Deep knowledge of IP space
Deep knowledge of Domain space
Knowledge of different types of email borne attack vectors, tools and tactics
Solid SQL and Presto SQL skills; proven experience in query building is a must
In-depth knowledge of email borne threats: phishing, malware, BEC and spam.
Ability to find and research suspicious patterns in sending IPs, URLs, and domains, in conjunction with overall email structure (email headers and email context).
Ability to create detection signatures/rules (content development) based on observed suspicious patterns, with 2-4 or more years of experience in the field.
General curiosity about the headers and structure of email messages.
General familiarity with how mail delivery works, knowledge of email security standards and protocols, such as SPF, DKIM, and DMARC, would be beneficial.
Practical knowledge (hands-on experience) with Regular Expressions
A minimum of 2+ years of hands-on experience with Python or another programming language is a plus
Experience with one of the Python frameworks or libraries (Django, Flask, or Pandas) is a plus
Experience with data analysis, familiarity with cybersecurity best practices, and the ability to work with large datasets.
Familiarity with Unix environments and comfort with a range of Unix command line tools for manipulating and extracting content from text files is a must
Familiarity and/or experience with Lua-based detection signatures is a plus
Familiarity and/or experience with ClamAV, YARA, and/or an in-house developed framework for researching and creating signature-based detection of email borne threats is a plus
Willingness to play an important technical role
Demonstrated analytical and creative problem-solving abilities.
Ability to work independently yet fully integrate with worldwide, remote teams.
Can-do attitude with a focus on problem solving, product quality, and a strong desire to get the job done.