Staff Security Research Engineer

Join to apply for the Staff Security Research Engineer role at Proofpoint About Proofpoint: proofpoint is a leading cybersecurity company protecting organizations through people-centric security across email, cloud, social media, and the web. We help customers stop targeted threats, safeguard data, and make users more resilient against cyber-attacks. Overview The Staff Security Research Engineer will be part of Proofpoint’s Threat Research team focused on tracking threat actors, malware, phishing, and TTPs, and developing software to detect and prevent threats for Proofpoint customers. What You’ll Do Design and develop software using Python with technical leadership for other engineers. Modify existing web-based UI for internal tools to maintain and extend sandbox submission and report UI for threat researchers. Write C or C++ for low-level OS interactions as needed. Develop and maintain web browser interaction capabilities using Chrome WebDriver. Analyze and reverse engineer JavaScript that fingerprints web browser artifacts to identify sandbox evasion checks and innovate solutions. Analyze web front-ends and the DOM; develop software for processing network traffic, including TLS decryption and PCAP processing. Collaborate with threat analysts and detection engineers to research threat actors and write detection rules on the developed systems. Create new detection languages and systems to enable threat researchers to develop detection rules; enhance existing detection languages for automated website interactions and threat pattern detection. Use AI large language models where appropriate to enhance threat detection pipelines, test evasion countermeasures, and decide when AI adds value. Design and develop automation pipelines to convert manual tasks into automated scripts. Stay current with evolving threat landscapes and attacker techniques, including URL sandbox fingerprinting/detection/evasion techniques. Provide expert assistance to threat researchers and analysts during phishing website analyses and red-team demonstrations as needed. Reverse engineer malware executable files for Windows as needed to support sandbox countermeasure development (primary malware reverse engineering responsibilities rest on other roles). Apply critical thinking to identify efficient threat mitigation approaches. Collaborate effectively within a remote team via chat, video, and conference calls. What You Bring To The Team Passion for threat research and a deep understanding of the security threat landscape and actor TTPs, including evasion and sandbox detection techniques. Production-grade Python coding with observability and monitoring." Experience with Docker container development. Experience with web browser automation. Experience analyzing network traffic with solid understanding of TLS, HTTP, and other protocols used by malware. Ability to work independently and as part of a distributed team in a fully remote environment. Nice to have (candidates without these still encouraged to apply): Experience with C and C++. Experience developing Windows API hooks and researching undocumented Windows APIs. Experience writing malware behavior signatures and analyzing malware with a debugger; willingness to learn. Experience with static reverse engineering using IDA Pro, Ghidra, Binary Ninja, or equivalent tools. Ability to interpret forensic output from dynamic analysis and sandbox environments. Experience with various malware sandboxes (e.g., Cuckoo, Joe Sandbox, Any Run, Triage). Additional Information Travel: 1% - 10% (flexible) for team collaboration or security conferences. Location: Remote in Canada, US, Argentina, UK, Ireland, Germany, France, Switzerland. Must be able to work during business hours local to your time zone. Why Proofpoint We offer competitive compensation, comprehensive benefits, learning and development programs, flexible work environment, wellness and volunteer days, recognition for contributions, and global collaboration. We are committed to growth, inclusion, and supporting our team’s success. How to apply: Interested? Submit your application here. We look forward to hearing from you. EEO and pay transparency: Our compensation reflects multiple U.S. geographic markets and may vary based on knowledge, skills, and experience. The actual offer will be based on the candidate. This role may be eligible for variable compensation and/or equity. We provide a comprehensive benefits package, including flexible time off and a Work from Anywhere option. Base Pay Ranges (illustrative): SF Bay Area/NYC Metro Area; All other locations; Canada/Europe ranges vary by location. Seniority level Not Applicable Employment type Full-time Job function Engineering and Information Technology Industries Computer and Network Security Note: This refined version preserves the job content while removing non-essential boilerplate and improving structure. If any section should be adjusted to better match internal templates, I can align further. #J-18808-Ljbffr