Staff Security Research Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Proofpoint · 1 day ago

Staff Security Research Engineer

positionUnited States
timeFull-time
remoteRemote
seniorityLead/Staff
money$194K/yr - $285K/yr

Proofpoint is a leader in human-centric cybersecurity, protecting organizations' greatest assets against digital threats. The Staff Security Research Engineer will design and develop innovative software solutions to enhance threat detection and respond to evolving cyber threats, while collaborating closely with threat analysts and engineers.

EmailEnterprise SoftwareInformation TechnologyNetwork SecuritySaaS
check
H1B Sponsor Likelynote

Responsibilities

Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
Some skill in modifying existing web-based UI for internal tools is needed to maintain and extend the sandbox submission and report UI for Proofpoint threat researchers to use
Some work requires skill in writing C or C++ for low level interactions with the OS
Develop and maintain web browser interaction capabilities using Chrome web driver
Analyze and Reverse Engineer JavaScript that fingerprints web browser artifacts to identify sandbox web browsers or instrumentation, and innovate solutions to defeat those checks
Familiarity with analyzing web front-end and the Document Object Model (DOM)
Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
Work closely with threat analysts and detection engineers who research threat actors and write detection rules which run on the systems you develop
As needed, create new detection languages and systems that allow threat researchers to develop detection rules
Add features to existing threat detection languages to allow greater flexibility by threat researchers to automate interactions with websites and detect threat patterns
Make use of AI Large Language Models as appropriate to enhance threat detection pipelines, produce samples to test evasion countermeasures, and make sound decisions about when applying AI is a benefit vs. a detriment to achieving goals
Design and develop automation pipelines to turn manual tasks into automated scripts
Stay abreast of a constantly evolving threat landscape
Understand the latest tactics, techniques, and procedures used by threat actors to bypass detection environments, especially URL sandbox fingerprinting / detection / evasion techniques used by threat actors
As needed, provide expert assistance and support to threat researchers and analysts as they analyze phishing websites, threat detection evasion techniques, and security research or red team demonstrations of new evasion techniques
As needed to support sandbox countermeasure development, reverse engineering malware executable files for Windows (note primary malware reverse engineering responsibilities rest on other job roles and are not expected regularly for this role)
Apply critical thinking skills to identify the most efficient and effective way to mitigate threats and evasions
Work effectively as part of a remote team using chat, video chat and conference calls
Work with other engineering teams, defining requirements, for continuous improvement of critical detection capabilities

Qualification

PythonThreat researchWeb browser automationNetwork traffic analysisC/C++DockerTLS decryptionCritical thinkingCollaborationRemote teamwork

Required

Design and develop software using a variety of languages, primarily Python, with little external guidance, while providing technical leadership to guide other software engineers on the team
Some skill in modifying existing web-based UI for internal tools is needed to maintain and extend the sandbox submission and report UI for Proofpoint threat researchers to use
Some work requires skill in writing C or C++ for low level interactions with the OS
Develop and maintain web browser interaction capabilities using Chrome web driver
Analyze and Reverse Engineer JavaScript that fingerprints web browser artifacts to identify sandbox web browsers or instrumentation, and innovate solutions to defeat those checks
Familiarity with analyzing web front-end and the Document Object Model (DOM)
Develop and maintain software for processing network traffic, including TLS decryption and processing PCAP files
Work closely with threat analysts and detection engineers who research threat actors and write detection rules which run on the systems you develop
As needed, create new detection languages and systems that allow threat researchers to develop detection rules
Add features to existing threat detection languages to allow greater flexibility by threat researchers to automate interactions with websites and detect threat patterns
Make use of AI Large Language Models as appropriate to enhance threat detection pipelines, produce samples to test evasion countermeasures, and make sound decisions about when applying AI is a benefit vs. a detriment to achieving goals
Design and develop automation pipelines to turn manual tasks into automated scripts
Stay abreast of a constantly evolving threat landscape
Understand the latest tactics, techniques, and procedures used by threat actors to bypass detection environments, especially URL sandbox fingerprinting / detection / evasion techniques used by threat actors
As needed, provide expert assistance and support to threat researchers and analysts as they analyze phishing websites, threat detection evasion techniques, and security research or red team demonstrations of new evasion techniques
As needed to support sandbox countermeasure development, reverse engineering malware executable files for Windows (note primary malware reverse engineering responsibilities rest on other job roles and are not expected regularly for this role)
Apply critical thinking skills to identify the most efficient and effective way to mitigate threats and evasions
Work effectively as part of a remote team using chat, video chat and conference calls
Work with other engineering teams, defining requirements, for continuous improvement of critical detection capabilities
A passion for threat research and a well-rounded yet deep understanding of the security threat landscape and actor TTPs, especially understanding how to develop countermeasures for threat actor evasions and sandbox detection techniques
Ability to write production-grade, reliable Python code with instrumentation that supports observability and monitoring of performance and errors is required
Experience developing software using Docker containers is required
Experience developing web browser automation is required
Experience analyzing network traffic for threat detection and a solid understanding of TLS, HTTP, and other network protocols used by malware is required
Willing and able to work independently and collaboratively as part of a distributed team of industry-leading security researchers
Ability to perform the above in a fully remote work environment

Preferred

Experience with C and C++ is a plus
Experience developing Windows API hooks and knowing how to research undocumented Windows API internal functions is a plus
Experience writing malware behavior signatures
Some experience analyzing malware using a debugger, and willingness to learn is a plus
Experience with statically reverse engineering malware using IDA Pro, Ghidra, Binary Ninja, or other reverse engineering tools is a plus, although being an expert is not required
Ability to accurately interpret the forensic output of dynamic analysis (sandbox) environments
Experience with a variety of publicly-available malware sandboxes (for example Cuckoo, Joe Sandbox, Any Run, Triage, etc.)

Benefits

Competitive compensation
Comprehensive benefits
Learning & Development We are committed to the growth and development of our team members, offering a range of programs including leadership and professional development workshops, stretch project assignments, and mentoring opportunities to help employees reach their full potential.
Flexible work environment [Remote options, hybrid schedules, flexible hours, etc.].
Annual wellness and community outreach days
Always on recognition for your contributions
Global collaboration and networking opportunities
Flexible time off
A comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year
A three-week Work from Anywhere option

Company

Proofpoint

twittertwittertwitter
Glassdoor3.7
company-logo
Proofpoint provides cloud-based email security, e-discovery, and compliance solutions for companies to protect sensitive business data.
dateFounded in 2002
location
Sunnyvale, California, USA
people-size1001-5000 employees
web-link
http://www.proofpoint.com

H1B Sponsorship

Proofpoint has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (51)
2024 (52)
2023 (47)
2022 (103)
2021 (71)
2020 (54)

Funding

Current Stage
Public Company
Total Funding
$885.5M
Key Investors
DAG VenturesBridgescale PartnersMeritech Capital Partners
2021-04-26Acquired
2019-08-21Post Ipo Debt· $800M
2012-04-20IPO

Leadership Team

leader-logo
Sumit Dhawan
CEO
linkedin
leader-logo
Michael Frendo
Chief Technology Officer, Engineering
linkedin

Recent News

Security Week
8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025
2026-01-06
Business Wire
Ingram Micro is Simplifying and Accelerating B2B Sales Success for Cybersecurity SaaS Leader Proofpoint
2025-12-22
CRN
The 10 Biggest Tech M&A Deals Of 2025
2025-12-18
Company data provided by crunchbase