Staff Threat Researcher - Zero Labs

Rubrik
Bangalore, India
Posted 24 February 2026

Job Description

<h2>About Team</h2> <p class="p1"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Rubrik Zero Labs is on a mission to deliver actionable, vendor-agnostic insights to reduce data security risks. We assess real-world cyber threats to advance cyber resilience best practices for global organizations</span>.</p> <h2><strong>About the Role</strong></h2> <p>We are assembling a new, elite threat research and intelligence team under Rubrik Zero Labs with a singular mandate: to provide the industry’s most advanced visibility into the adversary landscape. Unlike traditional teams limited by transient network or endpoint signals, we will leverage <strong>vast reservoirs of backup data to detect and expose latent and highly evasive threats</strong> that dwell silently within the environment. We are not just building a team; we are building a capability designed to rival the world’s premier intelligence units by turning data itself into our most powerful sensor.</p> <p>As a Staff Threat Researcher, you will be one of the founding architects of this mission. You won't just analyze threats; you will define the methodologies, build the infrastructure, and set the standard for how the organization detects, attributes, and exposes global cyber threats. This is an opportunity for a seasoned threat researcher to leave their mark on the industry by building the technical foundation of a world-class unit from the ground up.</p> <h2><strong>What you'll Do</strong></h2> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> <ul> <li><strong>Hunt the Unknown:</strong> Lead deep-dive investigations into advanced persistent threats (APTs), nation-state actors, and complex cybercrime syndicates. </li> <li><strong>Decode the AI Threat Landscape:</strong> Pioneer research into the weaponization of Artificial Intelligence. 
You will investigate <strong>adversarial AI tactics</strong>—from LLM-assisted malware generation and deepfakes to prompt injection and model poisoning.</li> <li><strong>Build the Foundation:</strong> Architect and implement our threat intelligence platform (TIP), malware detonation sandboxes, and automated ingestion pipelines. </li> <li><strong>Thought Leadership:</strong> Emulating the industry's best, you will serve as the external face of our research. You will author technical whitepapers, detailed blogs, and represent the organization at top-tier conferences (Black Hat, DEFCON, RSA etc.).</li> <li><strong>Reverse Engineering:</strong> Dissect complex malware families to extract configuration data, command-and-control (C2) protocols, and attribution artifacts.</li> <li><strong>Detection Engineering:</strong> Translate raw intelligence into high-fidelity protection. You will write and maintain the <strong>YARA rules</strong> that protect our customer base.</li> </ul> <strong>Intelligence Fusion:</strong> Collaborate with engineering and product teams to ensure our findings are immediately weaponized into product capabilities.</li> </ul> <h2><strong>Experience you'll need</strong></h2> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> <ul> <li><strong>7–10+ years</strong> of experience in Threat Intelligence, Incident Response, or Malware Analysis, with a track record of tracking threat actor groups (e.g., Lazarus, APT28, FIN7 etc.).</li> <li><strong>Deep Technical Tradecraft:</strong></li> <ul> <li>Expertise in <strong>static and dynamic malware analysis</strong> (IDA Pro, Ghidra, x64dbg).</li> <li>Strong proficiency in <strong>Python or Go</strong> for automating data collection, unpacking malware, and building custom analysis tools.</li> </ul> <li><strong>Adversary Knowledge:</strong> A comprehensive mental map of the global threat landscape, including the TTPs (Tactics, Techniques, and Procedures) mapped to the <strong>MITRE 
ATT&amp;CK</strong> framework.</li> <li><strong>Infrastructure Analysis:</strong> Proven ability to pivot through attacker infrastructure u ... (truncated, view full listing at source)