Job Title:
Sr Staff Security Researcher - EDR
About Trellix:
Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions.
We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at https://www.trellix.com/.
Role Overview:
We are seeking a highly skilled and deeply technical Sr. Staff Security Researcher to join our research team and lead innovation in the detection capabilities of our EDR product. This strategic role combines hands-on research, reverse engineering, and detection development with architectural vision and cross-functional collaboration. You will investigate emerging attack techniques, design novel detection approaches, and help shape the future of our EDR platform. The role also includes opportunities to publish technical blogs, present at industry conferences, and contribute to community research—showcasing your work and advancing the broader security field.
Key Responsibilities:
Lead efforts to reverse engineer sophisticated malware, identifying malicious code, obfuscation techniques, and communication protocols.
Author advanced detection rules for behavior-based detection engines.
Conduct comprehensive research on attacker campaigns and techniques to support detection investments and enhance customer experience.
Develop and optimize generic threat detection strategies based on static and dynamic detection engines.
Drive innovation in EDR detection and prevention capabilities, identifying new research directions and turning ideas into production-grade features.
Demonstrate a strong understanding of cybersecurity threats, sophisticated attack techniques, and the MITRE ATT&CK framework.
Perform advanced proactive and reactive threat hunting to identify detection issues such as misses or misclassifications from large-scale datasets.
Respond to escalations to resolve detection effectiveness issues (misclassifications, false positives, and false negatives).
Collaborate with cross-functional teams within the product organization including product management, engineering and research to drive exceptional customer experiences and ensure comprehensive protection.
Develop advanced alerting, reporting, and automated detection solutions.
Stay abreast of the latest cybersecurity threats, attack techniques, detection evasion tactics, OS features, and industry developments.
Build and maintain tools and automation to improve productivity and detection efficacy.
Utilize machine learning techniques to enhance threat detection and response capabilities.
Serve as a mentor to junior researchers, providing technical guidance and fostering a strong research culture.
Publish blogs, speak at security conferences, and engage with the security research community to share insights and elevate our team’s presence.
Qualifications:
10+ years of experience in security research, reverse engineering, malware analysis, or detection development using Snort, Yara, Sandbox, or proprietary detection engines.
7+ years of experience performing threat hunting or deep familiarity with incident response procedures, processes, and tools.
7+ years of experience querying and analyzing large datasets.
Deep technical knowledge of modern attack techniques (e.g., process hollowing, reflective DLL injection, UAC bypass, credential dumping, network pivoting).
Strong familiarity with MITRE ATT&CK, threat modeling, and telemetry architecture.
Extensive hands-on experience with reverse engineering and debugging tools and techniques (e.g., IDA Pro, Ghidra, WinDbg, x64dbg).
Expertise in programming and scripting with C++ and Python, including production-level experience in shipping large-scale security or system software.
In-depth understanding of operating system internals (e.g., Windows system calls, ETW, kernel callback routines, WFP, and driver development).
Hands-on experience with vulnerability research, including fuzzing, binary diffing, mitigation bypass, and exploitation.
Demonstrated experience designing and delivering detection logic across multiple OSs (Windows/macOS/Linux) in a production EDR context.
Experience with applying machine learning techniques to cybersecurity problems.
Experience leading complex cross-functional security initiatives or projects.
Proven ability to mentor and develop junior researchers.
Strong communication and technical writing skills, with experience authoring technical blogs or presenting at security conferences.
Company Benefits and Perks:
We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
Retirement Plans
Medical, Dental and Vision Coverage
Paid Time Off
Paid Parental Leave
Support for Community Involvement
We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.