The Block.one Director of Security Operations is directly responsible for development and day-to-day management of agile, real-time security operations capabilities, including Cyber Threat Hunting, Malware Response and Research, Advanced Security Monitoring, Incident Response, and Forensics and Vulnerability Management.
The position requires a strategic and hands-on technical cybersecurity leader who understands business operations, IT and security technologies, and will utilize that knowledge to oversee the implementation of an effective security operations program that ensures the real-time security posture of Block.one is aligned with business needs and the actual and evolving threat landscape.
- Develop and lead a top-tier, advanced security monitoring and threat intelligence operation that combines third-party MSSP (L1/L2), cloud, and intelligence vendors with Block.one security teams
- Produce L3 analysis and actionable reports on new and potentially identified threats for the purposes of accurate mitigation and further threat and vulnerability detection
- Develop a best-in-class threat intelligence capability to monitor external, internal, open source, and deep and dark web information for relevant cyber threats, incidents and /or actionable cyber activity
- Assess IT and security-based computer and network logs for the purpose of identifying specific patterns of activity or generating statistical threat and vulnerability summaries
- Develop security monitoring and advanced lateral movement detection analytics specific to non-traditional technology areas such as global cloud service providers, Docker, Kubernetes, and container-based environments
- Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, campaigns (phishing/spear phishing/watering hole)
- Support other Block.one IT and security teams with the analysis of complex security alerts and network traffic to determine the existence or extent of potential threats and remediation / response requirements
- Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs
- Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources
- Develop and maintain behavioral- and signature-based threat-driven use-cases
- Assess events based on factual information immediately present, available external context and analysis, and wider knowledge and experience with IT systems
- Proactively drive improvements of internal processes, procedures, and threat and vulnerability management workflows
- Participate in the testing, recommendation, and integration of new security monitoring and analytical tools
- Deliver results within given time frames, ensuring work is consistent, well documented, and in-line with team standards at all times
- Take ownership for the growth of a world-class team and their professional career development
Experience and Qualifications:
- BS degree in computer science, networking, engineering, or other computer-related field of study or certifications such as GIAC, GCIH, GCFE, GCFA, GREM, GNFA, OSCP, OSCE
- 8+ years' experience working in an information security or IT operations related field in an enterprise environment
- Demonstrated experience managing security operations and threat hunting teams with a focus on L3 analysis of events, malware, network forensics, and complex incidents
- Experience with Splunk or other database query languages (e.g., SQL); ELK experience a big plus
- Experience creating customized security log analysis and detection capabilities using programming and development expertise, including Java, Python, shell scripting, and regular expressions
- Fluent in the use and monitoring of all major operating system platforms (e.g., Windows, Linux/Unix, Mac)
- Solid understanding of hosted virtual environments and cloud / container platforms (e.g., vSphere, Kubernetes, AWS, GCP)
- Experience with network forensics tools (e.g., Wireshark, NetWitness)
- Specific knowledge of CrowdStrike, Splunk, Proofpoint, and other best-of-breed security tools is critical
- Deep understanding of TCP/IP and computer networking
- Knowledge of the functions of security technologies such as IPS/IDS, firewalls, SIEM
- Experience in the intelligence process, collecting relevant data, creating analytic products, and reporting metrics
- Experience synthesizing and enriching event data with threat intelligence to create actionable intel
- Experience creating company specific dashboards, tools and data sets with open source tools (Maltego, MISP, etc.)
- Prior work experience in financial services or social media / real-time operations environments
- Ability to work in a fast-paced, high-tech environment juggling multiple priorities while meeting deadlines
- Must be committed to a culture of continuous improvement and continuous delivery
- Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment
- Strong communication, influencing, and presentation skills
- Previous experience running best-in-class customer service and operational support teams
- Ability to maintain a positive attitude in high-pressure situations and manage distributed teams with competing priorities and tight deadlines