Senior Security researcher

5 - 8 years

5 - 8 Lacs

Bengaluru / Bangalore, Karnataka, India

Posted: 1 week ago | Platform: Foundit


Skills Required

email security research detection engineering BEC

Work Mode

On-site

Job Type

Full Time

Job Description

Role Overview:

We're looking for an Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threats: spam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. You'll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities.

Key Responsibilities:

  • Threat Analysis & Hunting: Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud. Perform root-cause analysis on incidents and produce actionable intelligence.
  • Rule Development & Tuning: Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin. Optimize rule performance to minimize false positives and false negatives.
  • Automation & Tooling: Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting. Integrate detection engines into SIEM and SOAR platforms.
  • Collaboration & Reporting: Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic. Communicate findings and recommendations through clear technical reports and dashboards.
  • Continuous Improvement: Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass). Contribute to threat-intel feeds and internal knowledge bases.

Basic Qualifications:

  • Experience: 5-8 years total, with 3-5 years in email security research or detection engineering, focused on spam, BEC, vishing, and impersonation.
  • Tools & Technologies:
      Rule engines: Snort, YARA, ClamAV, SpamAssassin
      Scripting: Python (experience with email libraries such as imaplib, email, etc.)
      Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage)
  • Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis.
  • Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators.
  • Communication: Clear written and verbal skills to document findings for technical and non-technical audiences.

Preferred Qualifications:

  • Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering).
  • Global SOC Environment: Prior work in a 24/7 Security Operations Center supporting multi-region email volumes.
  • Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines.
  • Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.

Trellix

Cybersecurity

Salt Lake City

500+ Employees

188 Jobs

