Cyber Security Researcher and Developer

Cyber Security Researcher and Developer (Active Directory)Cyber Security Researcher and Developer (Active Directory)

Cyber Security Researcher & Developer (Active Directory)Position Overview

We are seeking an experienced Cyber Security Researcher and Developer to join our team and lead the development of a cutting-edge Security Information and Event Management (SIEM) solution specifically designed for Active Directory environments. This role combines deep cybersecurity expertise with advanced development skills to build innovative detection capabilities using graph-based data analysis.

Key ResponsibilitiesSIEM Development & Architecture

• Design and develop a comprehensive SIEM platform tailored for Active Directory security monitoring
• Architect scalable data collection pipelines to ingest AD logs, events, and metadata
• Build real-time and batch processing systems for AD security data analysis
• Implement advanced correlation engines to identify complex attack patterns across AD infrastructure

Active Directory Security Research

• Research emerging threats and attack vectors targeting Active Directory environments
• Develop detection algorithms for AD-specific attacks (Golden Ticket, Silver Ticket, DCSync, Kerberoasting, etc.)
• Analyze AD attack paths and privilege escalation techniques
• Create behavioral baselines for normal AD operations to improve anomaly detection

Graph Data Analysis & Implementation

• Design and implement graph-based data models representing AD relationships and trust structures
• Develop graph algorithms to identify suspicious access patterns and lateral movement
• Build graph traversal queries to detect attack paths and privilege escalation chains
• Optimize graph database performance for large-scale AD environments

Detection Engineering

• Create high-fidelity detection rules and signatures for AD-based threats
• Develop machine learning models for behavioral analysis of AD users, computers, and services
• Build automated threat hunting workflows and investigation playbooks
• Implement alert correlation and de-duplication mechanisms to reduce false positives

Required QualificationsTechnical Expertise

• 5+ years of experience in cybersecurity research and development
• 3+ years of hands-on experience with Active Directory security and administration
• Strong expertise with graph databases (Neo4j, Amazon Neptune, Azure Cosmos DB, etc.)
• Proficiency in graph query languages (Cypher, Gremlin, SPARQL)
• Advanced programming skills in Python, C#, PowerShell, or Java
• Experience with big data technologies (Elasticsearch, Apache Kafka, Apache Spark)

Security Knowledge

• Deep understanding of Active Directory architecture, protocols (Kerberos, LDAP, NTLM), and security models
• Extensive knowledge of AD attack techniques and MITRE ATT&CK framework
• Experience with Windows event log analysis and forensics
• Understanding of enterprise security monitoring and SIEM platforms
• Knowledge of threat intelligence and IOC management

Development Skills

• Experience building scalable, distributed systems
• Proficiency with cloud platforms (AWS, Azure, GCP) and containerization (Docker, Kubernetes)
• Knowledge of API development and microservices architecture
• Experience with CI/CD pipelines and DevSecOps practices
• Database design and optimization experience

Preferred Qualifications

• Advanced degree in Computer Science, Cybersecurity, or related field
• Security certifications such as CISSP, GCIH, GREM, or equivalent
• Experience with commercial SIEM platforms (Splunk, QRadar, Sentinel, etc.)
• Knowledge of machine learning and data science techniques for security analytics
• Experience with threat hunting and incident response
• Contributions to open-source security tools or research publications
• Knowledge of compliance frameworks (SOX, PCI-DSS, HIPAA)

What You'll Work OnCore SIEM Platform

• Build data connectors for various AD log sources (Domain Controllers, ADFS, ADCS, DNS)
• Develop real-time event processing and enrichment capabilities
• Create intuitive dashboards and visualization tools for security analysts
• Implement automated response and remediation workflows

Advanced Analytics Engine

• Design graph-based models to represent AD relationships and dependencies
• Build algorithms to detect anomalous patterns in user behavior and system access
• Develop predictive models for identifying potential security incidents
• Create automated threat hunting capabilities using graph traversal techniques

Research & Innovation

• Stay current with emerging AD security threats and defensive techniques
• Prototype new detection methods and proof-of-concept security tools
• Collaborate with threat intelligence teams to incorporate external feeds
• Publish research findings and present at security conferences

Technical Environment

• Languages: Python, C#, PowerShell, JavaScript/TypeScript
• Databases: Neo4j, Elasticsearch, SQL Server, PostgreSQL
• Platforms: Windows Server, Linux, Azure, AWS
• Tools: Splunk, ELK Stack, Apache Kafka, Docker, Kubernetes
• Methodologies: Agile/Scrum, DevSecOps, Test-Driven Development

Team & Culture

Join a collaborative team of security researchers, data scientists, and engineers passionate about advancing cybersecurity defense capabilities. We foster innovation, continuous learning, and knowledge sharing while maintaining a focus on practical security outcomes.

Seniority level

• Seniority levelMid-Senior level

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology
• IndustriesSoftware Development

Referrals increase your chances of interviewing at WhyCrew by 2x

Sign in to set job alerts for "Security Researcher" roles.Senior Security Operations Center (SOC) AnalystSenior Security Operations Center (SOC) AnalystSecurity Operations Center (SOC) EngineerSenior Cyber Security Operations Engineer I

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

---