Staff Threat Intelligence Researcher

Please note that for this role, we are only considering residents of: AL, AR, FL, ID, IN, IA, KS, KY, LA, ME, MI, MN, MS, MO, MT, NE, NH, NM, NC, ND, OH, OK, SC, SD, TN, UT, VT, WV, WI, and WY.

Lookout, Inc. is the endpoint to cloud security company purpose-built for the intersection of enterprise and personal data. We safeguard data across devices, apps, networks and clouds through our unified, cloud-native security platform — a solution that's as fluid and flexible as the modern digital world. By giving organizations and individuals greater control over their data, we enable them to unleash its value and thrive. Lookout is trusted by enterprises of all sizes, government agencies and millions of consumers to protect sensitive data, enabling them to live, work and connect — freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter.

We are looking for a Staff Security Researcher to join our Threat Intelligence team, a group of top-tier security researchers working to identify, investigate, and track targeted attacks on users of mobile devices. As a member of this team you will use an extensive arsenal of detection tools including the largest collection of mobile apps containing 200M+ Android and iOS apps to find and research mobile malware and hunt down malicious actors, their infrastructure, tooling and techniques.

What you’ll do:

• Identify, analyze and track advanced nation state and financially motivated threat actors and their tactics, techniques, and procedures (TTPs).
• Develop strategies to hunt mobile threats targeting enterprises and individuals.
• Reverse-engineer and analyze capabilities of mobile malware.
• Investigate adversary command-and-control and phishing infrastructure.
• Conduct independent research and report findings to Threat Intelligence customers.
• Mine internal and external data sources to identify new campaigns, malware families, and malicious actors.
• Devise and implement new detection rules and develop innovative and efficient ways to expand and finetune coverage.
• Prepare and deliver public media reports and present findings at conferences.
• Participate in activities involving customers, prospects, and partners.

What we’re looking for:

• Experience in threat hunting across multiple datasets, security tools such as VirusTotal, Validin, and Shodan and leveraging big data technologies (e.g., Lucene, ElasticSearch, AWS Athena).
• Experience in reverse engineering software (mobile app reversing preferred).
• Ability to articulate technical findings both in written reports and presentations. 
• Experience using some of the following tools: JEB, IDA Pro, Ghidra, Hopper, Frida, Wireshark, DirBuster.
• Ability to read code in Java and C; ARM Assembly, ObjectiveC and Swift is a bonus.
• Experience in conducting OSINT investigations.
• Ability to create research tools in Python.
• Experience with threat intelligence file types, tools and terminology such as MITRE ATT&CK, STIX, YARA, MISP, OpenCTI and the Intelligence Cycle.

• Interest in geopolitical dynamics and the ability to apply that context to inform intelligence analysis and threat hunting activities.
• Curiosity and a strong drive to understand how both state and criminal actors operate.