Threat Researcher Jobs

About ESentire

eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats.

Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business-disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk and enables security at scale.

The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts, Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services.

Our Team

eSentire is looking for highly capable individuals to be part of our Tactical Threat Response team. eSentire is a recognized industry leader and one of Canada’s Fastest-Growing Tech company. We work in a collaborative and innovative work environment with brilliant and passionate people who strive and encourage others to do their best. Join us to gain rewarding and developing career experience with the ability to grow and make an impact on your work.

The Opportunity

The successful candidate will report to the Manager of Tactical Threat Response and be responsible for the creation, research, implementation of end-to-end threat detection across MDR services that utilize network, endpoint, cloud, and log data. The Tactical Threat Response (TTR) team creates innovative security content, detectors to alert on threats, and runbooks to streamline investigations. TTR is made up of dedicated security experts that manage the entire content creation lifecycle, which is informed by observations from our Security Operations Center (SOC), Threat Intelligence Team (TI), Advanced Threat Analytics Team (ATA), as well as industry frameworks like the MITRE ATT&CK. The TTR team manages the security content development roadmap to ensure our services protect against the modern adversary.

Responsibilities

• Identifying, organizing, and processing new novel detection techniques
• Deployment and Support
• Detector development
• Triaging new detectors
• Ongoing tuning and maintenance
• Work with security vendors to understand integrations and threat coverage for new threats.

Desired Skills

• One or more certs in CCSK, CISSP, OSCP, GIAC or equivalent
• Threat Hunting: Understand adversary behavior, develop a hypothesis, design hunts, and interpret the results.
• Security Data Analysis and Analytics: Know where valuable security data exists, how to sift through the data, apply analytics, and create actionable alerts.
• Threat Modeling: Experience with threat modeling frameworks, such as MITRE ATT&CK to identify how adversaries will attack infrastructure, what their goals may be, and where detection opportunities exist.
• Investigation Theory: Solid understanding of common cyber threats, attack vectors, and threat actor techniques
• Independent self-starter: Strong analytical and problem-solving skills with the ability to think critically and creatively in a fast-paced environment.
• Excellent communication skills: Written and verbal, with the ability to effectively convey complex technical concepts to both technical and non-technical stakeholders.

Requirements

• Experience analyzing large security data sets
• Knowledge of Incident Response/Forensics
• Microsoft Defender
• Knowledge of data analysis and analytics
• Carbon Black
• Experience with one or more data types (Log, PCAP, EDR, Cloud)
• Knowledge of operating systems and networking
• Experience with a broad range of best-in-class security tools that may include:
• SumoLogic
• Microsoft Sentinel
• CrowdStrike
• Knowledge of attacker tactics, techniques, and procedures
• Knowledge of Mitre ATT&CK
• Experience in fast-paced environments
• Experience implementing repeatable processes.

Work Conditions

• In case of emergency working hours might be modified.
• Work will be remote 9 to 5 office hours.
• The position does not require the availability for on-call rotation, extended travel, or 24/7 shift coverage.

As a condition of employment, this position is subject to the successful completion of pre-employment screening including references, criminal background and credit history checks.

Why a Career with eSentire?

Our Culture: At eSentire we work in a collaborative and innovative work environment. We work with brilliant and passionate people who strive and encourage others to do their best. eSentire’s idea-rich environment welcomes creative and sometimes unconventional perspectives!

Growth Opportunities: At eSentire you will have the opportunity to grow and make an impact from your work. We encourage innovation in all who become a part of our team. With growing operations internationally, there are many lateral and upward advancement opportunities for rewarding and developing careers with eSentire. We’re strong believers in continuing education and provide the resources that you need to continue learning.

Employee Perks: We provide breakfast, snacks and refreshments (at our physical office locations in Waterloo, London, and Cork), flexible working hours and vacation, company-wide equity and bonus programs, subsidies for continuing education and health & wellness, and attractive compensation and benefits plans. We make it our obligation to the team to stay current with compensation trends in the tech field!

We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted.

eSentire is committed to creating a fair work environment that is aligned withthe Accessibility for Ontarians with Disabilities Act (AODA). We guarantee equal treatment and provide opportunities regardless of race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds and will not discriminate on these basis. If you have any accessibility requirements during the recruitment process, please reach out to our HR team at [email protected] and any accommodation needs will be addressed upon request.

Apply Now