Threat Detection Engineer Intern

California, United States

Applications have closed

Proofpoint

Proofpoint helps protect people, data and brands against cyber attacks. Offering compliance and cybersecurity solutions for email, web, cloud, and more.

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

The Role:

This intern role is responsible for aiding in creating detection rules for our Emerging Threats Pro IDS feed product and static detections for threats in email. You'll learn from seasoned threat detection engineers to write network signatures for our IDS and email defense customers – all to detect malware and credential phishing threats.

As an intern on the Emerging Threats team, you will perform dynamic malware analysis and spend time searching through forensic data to facilitate signature creation, analyze threats, and then make that information meaningful to our customers. You’ll be a part of a team of dynamic and creative threat researchers focused on finding malware, understanding how it works, and using that knowledge to augment our products.

Your day-to-day:

  • Write intrusion detection rules for the Snort and Suricata platforms
  • Write ClamAV rules for internal static processing
  • Answer support questions about rule guidance and false positives
  • Work with the open-source community to maintain and optimize the ETOpen ruleset
  • Research new and past threats, including malware, exploit kits, and vulnerabilities.
  • Help maintain the existing expansive ETPRO ruleset through performance tuning and pruning irrelevant rules when necessary

What you bring to the team:

  • Experience with network traffic inspection tools, such as Wireshark, tcpdump, Arkime, and Zeek.
  • Knowledge of PKE and encryption algorithm standards and practices
  • Experience with Malware Analysis and Investigation
  • Familiarity with writing signatures for the Snort or Suricata IDS platforms.
  • Experience with YARA rules
  • Experience with ClamAV signature creation
  • An interest in the cyber-threat landscape
  • Familiarity with virtualization technologies, such as VMware products, VirtualBox, KVM, etc.
  • Experience with one or more scripting languages. Lua or Python proficiency preferred.
  • Experience analyzing and interpreting host, network, and memory artifacts from sandbox environments.
  • Experience with PCRE.
  • Excellent verbal and written communication skills
  • Creativity, enthusiasm for the malware space, and willingness to collaborate with the team
  • Must be able to work independently

Candidate Profile:

You have the ability and interest to work remotely full-time (a maximum of 38 hours/week) this summer and part-time (a maximum of 20 hours/week) for 9 months afterward. You are currently pursuing an undergraduate degree with a strong academic record. This internship is scheduled to begin in Summer 2025 and continue through 2026 (1-year program).

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Tags: Encryption Exploit IDS Intrusion detection KVM Lua Malware Python Scripting Snort Threat detection VirtualBox VMware Vulnerabilities

Perks/benefits: Team events

Region: North America
Country: United States
