Senior Security researcher

Trellix
Bangalore | 5-8 LPA | Posted 6 Jun 2025
FULL TIME
Machine Learning
Terraform
Python

Job Description

Role Overview:

We're looking for an Email Security Researcher to join our Email Security Research Team. In this role, you will focus on identifying and mitigating advanced email-borne threats: spam, Business Email Compromise (BEC), vishing, and targeted impersonation campaigns. You'll leverage open-source and commercial tools, develop detection rules, and collaborate with global SOC teams to continuously improve our email threat-detection capabilities.

Key Responsibilities:

Threat Analysis & Hunting:

  • Review large volumes of email traffic to identify malicious patterns, emerging spam campaigns, BEC tactics, vishing attempts, and impersonation fraud.
  • Perform root-cause analysis on incidents and produce actionable intelligence.

Rule Development & Tuning:

  • Author and maintain detection signatures in Snort, YARA, ClamAV, and SpamAssassin.
  • Optimize rule performance to minimize false positives/negatives.

Automation & Tooling:

  • Develop Python scripts and serverless functions (AWS Lambda or GCP Cloud Functions) to automate email parsing, feature extraction, and alerting.
  • Integrate detection engines into SIEM and SOAR platforms.

Collaboration & Reporting:

  • Work closely with SOC analysts, incident responders, and product teams to triage alerts, refine workflows, and deploy new detection logic.
  • Communicate findings and recommendations through clear technical reports and dashboards.

Continuous Improvement:

  • Stay current on attacker tactics (TTPs), new phishing/vishing toolkits, and protocol-level evasion techniques (e.g., sender forging, DMARC bypass).
  • Contribute to threat-intel feeds and internal knowledge bases.

Basic Qualifications:

Experience: 5-8 years total, with 3-5 years in email security research or detection engineering, with a focus on spam, BEC, vishing, and impersonation.

Tools & Technologies:

  • Rule engines: Snort, YARA, ClamAV, SpamAssassin
  • Scripting: Python (experience with email libraries such as imaplib, email, etc.)
  • Cloud platforms: AWS or GCP (Lambda/Functions, serverless compute, storage)
  • Email Protocols & Forensics: Proficient with SMTP, MIME, DKIM, DMARC, SPF, and email header analysis.
  • Analytical Skills: Strong capability to sift through raw logs and MIME bodies to uncover malicious indicators.
  • Communication: Clear written and verbal skills to document findings for technical and non-technical audiences.

Preferred Qualifications:

  • Machine Learning & Analytics: Hands-on experience applying ML or statistical methods to email threat detection (e.g., feature engineering, anomaly detection, clustering).
  • Global SOC Environment: Prior work in a 24/7 Security Operations Center supporting multi-region email volumes.
  • Threat Intelligence Integration: Familiarity with integrating open-source or commercial intel feeds into detection pipelines.
  • Scripting & Infrastructure as Code: Experience with Terraform, CloudFormation, or similar for automated deployment of detection infrastructure.