Remote job description

We're expanding our team, and we'd love your help!

At Stairwell, we're working to rewrite the rules of cybersecurity. And we can't do that without breaking away from the mold. That means that we're not just looking for those with decades of cybersecurity experience.

We're looking for those who are passionately curious about solving complex problems. Those who are excited about the work they produce. Those who are ready to step in and create change for the better.

So, even if you feel that you don't perfectly match the qualifications listed, we want to hear from you. And we're not just all talk. We want you to enjoy working here, too.

We offer 100% remote work, competitive pay (including stock options), unlimited PTO, subsidized health/dental/vision insurance, a monthly internet stipend, a one-time home office bonus to deck out your work area, company events, team trips, and more.

If we've piqued your interest, keep scrolling to see what you'll be working on if you join the team.

About the Threat Researcher Position

Stairwell is looking for a Threat Researcher to join our Product team. On this team you will find evil, research threat actors and intrusions, and most importantly build cool things in our products and platforms. You must love malware, detection rules, analyst tools, and be willing to form a balanced buddy-comedy crime fighting team with your product teammates: you'll be a Turner to our Hooch, a Hulk to our Thor, a Scully to our Mulder, a Riggs to our Murtaugh (or maybe you're more of a wildcard like Leo Getz). We are hell bent on building great products and providing our clients with an excellent user experience, and maybe we will even have a little bit of fun along the way.

Threat Researcher Responsibilities

  • Be the power users of the products and the resident experts on all things cyber* including threat actors, adversary tradecraft, intrusions, TTPs, malware, detection, attribution, trends, and so forth.
  • Research threats and malware, and apply what you learn to improve our products through detection rules, requirements, features, designs, user feedback, and more.
  • Support our clients directly through reverse engineering, malware analysis, threat analysis, attribution clustering, threat hunting, trainings, demos, and Q&A as needed.
  • Invent new systems, proofs-of-concepts, parsers, scanners, scripts, and other technology that may help us better capture and unlock important or notable data for our graph, or use your expertise to support others doing the same.
  • Engage the community and share your work via public blogs and reports, conference presentations, tweets, detection rules, et cetera.
  • Empower your fellow product and engineering team members through continuous feedback, bug tracking, design review, best practices, knowledge sharing, and overall support.
  • Keep up to date on the latest threats and apply what you learn to the technology we're building, and help us make sure our products and clients can get where they want to go.
  • Dive deep where your skills are deep, but also push yourself to experiment, contribute to other areas, and learn new things too.
  • Help us build systems and automations for automatically extracting and processing data that may relate to file objects, operating system behaviors and network data.

Threat Researcher Qualifications

  • Experience in an analytical role such as forensic analyst, threat intelligence analyst, threat researcher or security consultant/engineer in an investigative capacity or incident response environment.
  • Experience with direct delivery of technical information to clients or the public through reports and presentations.
  • Deep knowledge of threat actors, malware, the intrusion lifecycle, attack techniques and TTPs.
  • Deep knowledge of security products and trends in the cybersecurity industry.
  • Ability to share technical information in a variety of formats to a plethora of audiences, from SOC analyst to software engineer to CFO.
  • Applied knowledge in at least one scripting language such as Python.
  • Ability to translate findings from threat research into things such as new features, reports, documentation, designs, bugs, requirements, scripts, parsers, or detection rules.
  • Technical experience in several of the following areas:
    • General enterprise security controls.
    • Windows or Linux operating systems and OS internals.
    • Basic static and dynamic analysis of malware.
    • Windows, Unix, Linux, or Mac disk and memory forensics.
    • Network security monitoring, traffic analysis, and log analysis.
    • Clustering or tracking threats in an intelligence function.
    • Detection engineering with pattern matching technologies such as YARA, Snort, Sigma, Drools, or ClamAV.

About Us

We're not building a company, we're building a team, and the team builds the company.

At the core of Stairwell is a team that truly enjoys working together and mutually supporting each Dweller's growth and development. We are an engineering and product driven company that has high standards for both technical ability and interpersonal skills. We are humbled by the opportunity to help shape the future of cybersecurity and driven to build tools that will empower teams around the world.

Stairwell is proud to be an equal opportunity workplace. We consider all individuals seeking employment, regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), gender identity, gender expression or military or Veteran status or any other characteristic protected by federal, state or local laws. We also consider qualified applicants regardless of criminal histories, consistent with federal, state and local law.

To all recruitment agencies: Stairwell does not accept agency resumes. Please do not forward resumes to our jobs alias, Stairwell employees or any other organization location. Stairwell is not responsible for any fees related to unsolicited resumes.




Summary
Company name: Stairwell
Remote job title: Threat Researcher
Job tags: Computer Security, Python, Incident Response
