Senior Detection Engineer
Greater NYC Area
5 days ago
Threat modeling: how would you game the system - taking a systematic approach to understanding the incentives of a system, as well as its payment triggers and potential bad actors, and presenting the characteristics and behaviors of those models.
Raw signal development: this is where the detection team thrives and requires some level of creative problem solving. The better the technical signal we can extract from different environments, the stronger our detection and prevention abilities are.
Marker development: markers are our core algorithms that take in raw signal and output a decision. We are continuously developing markers for various types of fraud, specific bots, malware packages, and other things. This is the heart of the system.
Threat Intel and attribution: this area of research involves taking all the data we have and exploring attribution to software, malware, and sometimes actors. It will also involve applying data science techniques to detect potential false negatives, false positives, and signs of adversary adaptation, as well as reverse engineering applicable malware and bot samples for new detection leads.
Software Development. A lot of the output of detection results in pushing code to production. We must do this in way that allows for rapid experimentation of signal without compromising safety or potential impact to end users. The system must also be secure and minimize the attack surface to compromise our payload for delivery of malware.