Senior Security Researcher at Sumo Logic
Redwood City, CA, US

In June 2017, Sumo Logic announced another $75M funding round led by Sapphire Ventures, with participation from new and existing investors including DFJ Growth, Greylock Partners, Sequoia Capital, and others ( https://www.sumologic.com/press/2017-06-27/75-million-funding-round/). This brings our total funding to $235.5M to date.  Sumo Logic’s business has scaled significantly, tripling both our annual recurring revenue and customer count to over 1,500 customers, reflecting every major vertical and company size. 

Who Are We?
We are a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured and unstructured data across the entire application lifecycle and stack. Our mission is to democratize analytics, making it accessible, simple and powerful for businesses of all sizes to build, run and secure their organizations. With Sumo Logic, customers can harness the power of machine data to gain operational business and customer insights that lead to competitive advantage and differentiated customer experience.

What Do We Do?
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. We imagined a world of Yottabyte-scale machine data, where machine learning algorithms and advanced analytics could make sense of it all. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world. Our customers around the globe rely on Sumo Logic for the analytics and insights to build, run and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value, and growth.

 

Senior Security Researcher

The core mission of this team is to provide a world-class security analytics platform to our enterprise customers.

We will accomplish this by building best of breed technology for pattern recognition, pattern discovery, user and entity behavioral anomaly detection with strong models of the protected network, users, and known threats, and investigation workflow. All of these will be integrated with Sumo Logic’s log analytics capabilities already in use by thousands of enterprise customers worldwide.

As a member of this team you will be expected to serve as the subject matter expert, lead construction of security content, oversee cross-customer data collection and interpretation, and contribute to the overall direction of security analytics at Sumo Logic.

Responsibilities

  • Produce and test durable heuristic prevention and alerting signatures.
  • Leverage internal and external data sources to actively hunt for new exploit detections and correlated threat campaigns and web-based exploit kits.
  • Collect open source information for aggregation into our intelligence repository.
  • Analyze exploit code, vulnerabilities, and attacker tools to assess their functionality, origin, and purpose.
  • Develop tools to assist with the automation of collection and processing of threat data.
  • Perform coverage and capability gap analysis of the Sumo Logic security analytics offering, ensuring true positive fully contextual detections.
  • Present new research at conferences and at customer meetings as desired.
  • Respond to Requests for Information (RFIs) from our consumer organizations within Sumo Logic.

Qualifications

  • Excellent written and verbal communication skills, and experience working on remote teams.
  • Strong understanding of computer science fundamentals, specifically networking, databases and tool development.
  • Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment, and security metrics.
  • Understanding of malware construction, usage, and detection techniques.
  • Understanding of vulnerability discovery and severity assessment methodologies.
  • Experience developing profiles of actors and groups based on data.
  • Experience developing and deploying effective countermeasures (Yara, Snort, SIEM Correlation Rules, UEBA, etc.)
  • Experience working as a security analyst in a SOC.
  • Prior use of intelligence tools such as Maltego, Analyst’s Notebook, and Palantir.
  • Prior use of network analysis tools such as Wireshark, TCPDump, and Scapy.
  • Candidates must be open to travel requirements (up to 10%).
  • BS/MS or equivalent experience required.