Staff Threat Intelligence Researcher

Job Description

Lookout, Inc. is the endpoint to cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world.

We are looking for a Staff Security Researcher to join our Threat Intelligence team, a group of top-tier security researchers working to identify, investigate, and track targeted attacks on users of mobile devices.

What you’ll do:

• Identify, analyze and track advanced nation state and financially motivated threat actors and their tactics, techniques, and procedures (TTPs).
• Develop strategies to hunt mobile threats targeting enterprises and individuals.
• Reverse-engineer and analyze capabilities of mobile malware.
• Investigate adversary command-and-control and phishing infrastructure.
• Conduct independent research and report findings to Threat Intelligence customers.
• Mine internal and external data sources to identify new campaigns, malware families, and malicious actors.
• Devise and implement new detection rules and develop innovative and efficient ways to expand and finetune coverage.
• Prepare and deliver public media reports and present findings at conferences.
• Participate in activities involving customers, prospects, and partners.

What we’re looking for:

• Experience in threat hunting across multiple datasets, security tools such as VirusTotal, Validin, and Shodan and leveraging big data technologies (e.g., Lucene, ElasticSearch, AWS Athena).
• Experience in reverse engineering software (mobile app reversing preferred).
• Ability to articulate technical findings both in written reports and presentations.
• Experience using some of the following tools: JEB, IDA Pro, Ghidra, Hopper, Frida, Wireshark, DirBuster.
• Ability to read code in Java and C; ARM Assembly, ObjectiveC and Swift is a bonus.
• Experience in conducting OSINT investigations.
• Ability to create research tools in Python.
• Experience with threat intelligence file types, tools and terminology such as MITRE ATT&CK, STIX, YARA, MISP, OpenCTI and the Intelligence Cycle.
• Interest in geopolitical dynamics and the ability to apply that context to inform intelligence analysis and threat hunting activities.
• Curiosity and a strong drive to understand how both state and criminal actors operate.