Principal Threat Research Engineer

The Principal Threat Research Engineer will identify, analyze, and mitigate evolving cyber threats by creating and maintaining effective threat detection signatures. This role requires deep expertise in understanding modern cyber threats, malware behavior, and signature writing for advanced threat detection technologies. You will work closely with cross-functional teams, such as threat intelligence, incident response, and security product development, to enhance the organization’s defense capabilities and provide strategic insight into the threat landscape.

Key Responsibilities:

• Signature Writing & Development:

i)        Design and develop accurate, high-quality signatures and detection rules for threat detection systems (IDS/IPS, AV, EDR).

ii)      Improve and update detection logic to adapt to the latest threats, exploits, and attack vectors.

iii)    Optimize detection signatures to minimize false positives and maximize detection efficiency across various security platforms.

• Threat Research & Analysis:

i)        Lead in-depth research into emerging cyber threats, malware, APT groups, and TTPs (Tactics, Techniques, and Procedures).

ii)      Analyze attack patterns, behavior, and malicious code to identify new detection opportunities.

iii)    Track and understand evolving threat landscapes, including new vulnerabilities, exploits, and attack campaigns.

• Collaborative Threat Intelligence:

i)        Collaborate with global threat intelligence teams to share threat research findings and develop a comprehensive understanding of adversarial behavior.

ii)      Maintain relationships with external threat-sharing communities and organizations to stay up-to-date on the latest threat information.

iii)    Support the security team in responding to active threats, providing detection strategies and remediation guidance.

• Detection Engineering & Optimization:

i)        Work closely with the detection engineering team to integrate custom and third-party signatures into existing detection platforms (SIEM, IDS/IPS, EDR).

ii)      Identify gaps in current detection methodologies and implement improved detection capabilities for advanced threats, such as zero-day exploits, fileless malware, and APT campaigns.

iii)    Conduct performance testing and tuning of signatures to ensure system stability and effectiveness under various network environments.

• Thought Leadership & Knowledge Sharing:

i)        Act as a subject matter expert on threat detection, signature development, and malware analysis for internal and external stakeholders.

ii)      Lead and mentor junior threat researchers and engineers by providing guidance, training, and technical expertise.

iii)    Create research reports, blogs, whitepapers, and presentations to communicate key research findings and trends to technical and non-technical audiences.

Required Qualifications:

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Security, or a related field.
• 8+ years of experience in cybersecurity, with a focus on threat research, signature development, or malware analysis.
• Proven experience in writing and optimizing signatures for IDS/IPS, antivirus, and endpoint detection and response (EDR) solutions.
• Deep knowledge of cyber threats, including malware, ransomware, phishing, and advanced persistent threats (APTs).
• Strong understanding of network protocols, system internals (Windows, Linux), and attack techniques such as fileless malware, obfuscation, and evasion.
• Proficiency with malware analysis tools (e.g., IDA Pro, Ghidra), network analysis tools (e.g., Wireshark, Zeek), and sandbox environments.
• Experience with signature formats such as YARA, Snort, Suricata, and regular expression-based detection logic.
• Familiarity with MITRE ATT&CK framework and how it maps to threat detection and signature development.
• Strong problem-solving and analytical skills, with an ability to think critically about threat detection and mitigation strategies.
• Excellent verbal and written communication skills, with the ability to convey complex threat intelligence and detection strategies to a diverse audience.
• Ability to work collaboratively across teams and mentor junior team members.

Preferred Qualifications:

• Relevant cybersecurity certifications such as CISSP, GIAC, OSCP, or GREM.
• Expertise in scripting and automation (Python, PowerShell, Bash) to automate threat research and signature writing processes.
• Experience with cloud-based threat detection and response (e.g., AWS GuardDuty, Azure Sentinel).
• Familiarity with advanced hunting techniques, including threat hunting using logs, endpoint data, and network data.

Employee Value Proposition (EVP):

At Aryaka, we offer a dynamic and innovative work environment where you will have the opportunity to make a significant impact in the network security industry. Our commitment to cutting-edge technology and customer satisfaction provides a platform for continuous learning and professional growth.

Who Are we-

Aryaka is the leader and first to deliver Unified SASE as a Service, the only SASE solution designed and built to deliver performance, agility, simplicity and security without tradeoffs. Aryaka meets customers where they are on their unique SASE journeys, enabling them to seamlessly modernize, optimize and transform their networking and security environments. Aryaka’s flexible delivery options empower enterprises to choose their preferred approach for implementation and management. Hundreds of global enterprises, including several in the Fortune 100, depend on Aryaka for cloud-based software-defined networking and security services. For more on Aryaka, please visit www.aryaka.com

Why Aryaka –

We have won “Great Places to Work” World-Wide for 4 consecutive years because we have an amazing company culture that is inviting, collaborative, supportive, and inclusive to our employees.  We encourage our employees to expand their knowledge base and provide the tools to help them get there.  We are always innovating and looking at ways to improve and expand, and we listen to our employees and their ideas.  We have an amazing group of very respected “Thought Leaders” who are always open to mentoring.  We consider ourselves great Corporate Citizens which we show through our “Women In Technology” Program and “AryakaCares” Program as well as others. Our Benefits are World-Class and we offer a flexible work structure to allow you to maximize on your work/life balance. As Aryakans, we are 100% dedicated to being an equal opportunity employer and supporter of Diversity, Inclusion, and Belonging.

Third-Party Agency Notice: Aryaka does not accept unsolicited resumes from 3rd party agencies. Should any agency send a resume to any employee within Aryaka without explicit invitation, the resume will be considered a gift, and no fee will be paid. All agencies must have a signed contract from Talent Acquisition management prior to any engagement.