Head of Adversary Research

  • Locations: United States; Remote
  • Date Posted: Jun. 14, 2021
  • Function: IT
  • Sector: Security

As the Head of Adversary Research you will be responsible for producing new insight into existing and emerging adversary activity, used to evaluate the performance of information security controls. You’re well-versed in what adversaries do today, and your finger is on the pulse of what they’ll be doing tomorrow. You care about creating advantages for defenders of all types and skill levels, and you might have Strong Opinions™ about how to do that from a role like this.

This role will report to the VP, Products and will be located anywhere in the United States.

Essential Duties and Responsibilities

  • Develop, manage and oversee the adversary research function, including managing a team of Security Analysts.
  • Collect and analyze adversary tactics, techniques and procedures (TTP) of all types from diverse sources.
  • Translate analysis of adversary TTP into AttackIQ platform content used to evaluate the performance of security control technologies.
  • Communicate detailed technical concepts to a broad audience, including media, customers and the market at large, to further the practice of Threat-Informed Defense.
  • Proactively control expenses, increase value, and promote highly effective practices to ensure effective and efficient use of resources.

Professional Competencies

  • Deep understanding of the most commonly deployed information security technologies that support network and endpoint defense — think Palo Alto, Cisco, Crowdstrike, Cylance and beyond.
  • Proven ability to turn raw material into detections for these technologies in multiple rule formats, with comparable proficiency in Wireshark, Zeek/Bro and Process Explorer.
  • Hands-on skill with common hacking, penetration-testing and vulnerability-scanning tools like Kali, Metasploit or similar, applied beyond the lab.
  • Expert-level knowledge of current adversary TTP and how to model behaviors in context of MITRE ATT&CK.
  • Proven ability to author detections in large-scale data aggregation and search platforms like Elastic and Splunk.
  • Experience recruiting and managing talent with skills like your own.
  • Smart, driven, and able to think on your feet in a fast-paced environment.
  • Significant experience in a security operations center (SOC) or a similar environment is a huge plus.

Required Experience and Skills

  • Bachelor’s degree with 5+ years’ experience in either an offensive or defensive cybersecurity capacity, or equivalent total experience in the information security space.
  • 3+ years of people management experience.
  • Exceptional written, oral, presentation and interpersonal skills.