Cyber Security Researcher
What if you can safeguard the future of IoT?
MicroSec is building cyber-defense technology to protect the future of IoT. If you are looking for a challenging and interesting role, be part of the MicroSec journey.
Successful applicants will be responsible for designing, implementing and managing cybersecurity solutions to proactively detect and respond to security threats. They will follow agile scrum methodologies to establish needs from Product Owners, and help with the self-organization of their development team, guiding junior team members. There will be a broad range of problems to solve, such as cryptographic implementations, machine learning, IoT communication, and DevOps-related issues.
- Perform research, analysis, design, testing and implementation of medium to complex Edge and IoT/OT network security and protection technologies.
- Research IoT/OT platforms, protocols and devices to identify vulnerabilities.
- Conduct in-depth analysis of cyberattacks & malware threats to identify key characteristics and behavior, and develop signatures, rules, and indicators of compromise (IOCs) to detect and block them.
- Develop and maintain tools and techniques for detecting and analyzing cyberattacks, including malware and DDoS, via custom scripts, plugins, sandboxes, etc.
- Conduct research and analysis on network traffic and payloads to identify and analyze malicious activity and threats.
- Collect and prepare data sets for use in machine learning models, ensuring that they are representative, accurate, and relevant to the malware threats being analyzed.
- Work closely with data scientists and machine learning engineers to develop, test, and deploy machine learning models and algorithms for malware detection and classification.
- Continuously assess the effectiveness of existing security solutions and technologies, and make recommendations for improvements based on analysis of real-world threats and trends.
- Review and analyze security vulnerabilities for the IoT & OT networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture.
- Write technical proposals, and communicate and present the solution.
- Design, implement and review security architectures to ensure the adoption of various security practices, baselines and standards.
- Collaborate with other teams to ensure security best practices are followed.
- Perform tests on networking devices, appliance products and IoT based applications.
- 4+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
- At least 4-5 years of experience in Python and relevant frameworks such as Django and Flask.
- At least 5 years of experience in development for Linux-based platforms.
- Familiar with typical enterprise security solutions, such as Endpoint Security, Identity & Access Control solutions, Network Security, Analytics solutions, Data Loss Prevention or Vulnerability and Compliance.
- In-depth knowledge of cyber-attack analysis tools and techniques, including dynamic and static analysis, reverse engineering, and memory forensics.
- Experience with sandboxing tools and virtual machines.
- Hands-on experience in pentesting and hacking. Familiarity with vulnerability assessment and penetration testing tools such as Metasploit, Nmap or Burp Suite.
- Solid knowledge of the TCP/IP stack and networking technologies.
- Experience with network security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
- Basic knowledge of security issues associated with containers, Kubernetes, distributed systems, and Linux in large-scale web applications.
- Hands-on programming experience in Python, Golang, Bash, or any other programming language.
- Knowledge of the MITRE ATT&CK framework and Cyber Kill Chain.
- Experience building IoT/OT, Edge, and network security solutions.
Would be a big plus:
- Knowledge and understanding of vulnerability identification and remediation.
- Experience with managing security aspects of cloud infrastructures and applications.
- Strong knowledge of IoT cloud networking architecture, operations, and security.
- Knowledge and understanding of information security industry standards and government regulations.