Software Engineer at Splunk
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

19 Oct, 25

Salary

171000.0

Posted On

20 Jul, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security, Python, Ansible, Migration Projects, CAPE, Malware Analysis, Computer Engineering, Puppet, ClamAV, AWS, System Administration, Communication Skills, IPS, Computer Science

Industry

Information Technology/IT

Description

JOB SUMMARY:

As a Senior Software Engineer specializing in malware detonation sandboxes, you will play a pivotal role in protecting Splunk Attack Analyzer customers from threats. Your responsibilities encompass managing and optimizing a fleet of malware sandbox environments with a strong focus on automation, security, and operational reliability. You will apply your expertise in Python, virtualization, and static and dynamic analysis to ensure efficient, scalable, and reliable detonation of suspect files and URLs.
Your understanding of behavioral malware analysis on Windows (including OS hooks and event log analysis), static detection engines and rule languages (e.g., YARA, ClamAV, Sigma), and network IDS/IPS technologies (e.g., Snort, Suricata, Zeek) at a fundamental level will be crucial for success in the role. You should also be comfortable with automation tools (e.g., Ansible, Puppet) for handling large-scale sandbox infrastructure and able to use Visual Studio C++ for driver and DLL compilation. You will collaborate with multi-functional teams to integrate sandbox insights with broader security tooling, drive the migration of sandbox environments to cloud platforms (AWS, GCP, etc.), and ensure operational continuity and compliance. Continuous innovation and documentation are key to the role, supporting evolving defensive strategies against sophisticated adversaries.

REQUIRED QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Computer Engineering, or related field; or equivalent work experience
  • 5+ years of extensive experience in managing and maintaining sandbox environments for automated malware analysis.
  • Proficient in Python; familiarity with Bash or PowerShell scripting.
  • Deep understanding of virtualization technologies and sandbox platforms (Cuckoo, CAPE, etc.).
  • Practical experience with behavioral malware analysis, Windows OS internals, and event log analysis.
  • Operational familiarity with Visual Studio C++ for tool development or analysis tasks.
  • Hands-on experience with static detection rule languages and tools (YARA, ClamAV, Sigma).
  • Solid understanding of network IDS/IPS (Snort, Suricata, Zeek) and their application to malware analysis.
  • Experience with configuration management and infrastructure-as-code tools (e.g., Terraform, Puppet, Chef, Ansible).
  • Solid understanding of networking, security, and system administration.
  • Expertise in AWS, GCP, and experience with cloud migration projects.
  • Excellent collaboration, documentation and communication skills to work with cybersecurity teams and other partners.
  • Up-to-date knowledge of emerging malware, sandbox technologies, and cloud methodologies.
  • Demonstrated ability to mentor junior engineers and lead technical initiatives.

RESPONSIBILITIES:

  • Manage, maintain, and optimize malware detonation sandboxes and supporting infrastructure, ensuring high availability and performance.
  • Lead the migration and integration of sandbox environments to cloud platforms (AWS, GCP), including secure deployment and adoption of cloud-native security tools.
  • Integrate and maintain sandbox platforms and static detection engines.
  • Apply behavioral malware analysis techniques, including Windows OS hooks and event log analysis.
  • Operate and tune network IDS/IPS systems to enrich threat detection.
  • Apply configuration management and automation tools to handle and scale the sandbox fleet.
  • Collaborate with security, engineering, and infrastructure teams to integrate sandbox insights with broader detection and response tools.
  • Architect solutions to overcome sophisticated threat actor techniques (evasion, anti-analysis, etc.).
  • Patch, resolve and update sandbox systems to maintain robust, secure operations.
  • Document technical processes, configurations, and analysis results to support information sharing and compliance.
  • Stay ahead of emerging malware, sandbox, and cloud technologies to drive continuous improvement.