Senior Threat Research Engineer

Threat Research Engineer - Threat Protection

The Role

As a Threat Research Engineer, you will be a key player in defending our customers against a wide array of email-borne threats, with a primary focus on utilizing and enhancing our anti-spam engines and rule-based detection systems. You will be hunting for threats like phishing, business email compromise (BEC), spam, and other unwanted mail within large datasets. Your core responsibilities will involve in-depth analysis of email characteristics, developing and tuning detection strategies for our anti-spam platforms, documenting new attack techniques, and identifying detection gaps. You will collaborate closely with product and engineering teams to suggest and implement improvements, ensuring our email security solutions remain highly effective.

Why Join Our Team?

At Mimecast, you'll directly combat emerging email threats, dissecting attacker TTPs and crafting robust detection rules. This is a unique opportunity to leverage vast real-world data and advanced anti-spam engines, transforming your research into tangible protection for millions of users globally. If you're driven to understand and neutralize the latest email attack vectors, Mimecast offers a dynamic environment where your work has immediate and significant customer impact, keeping organizations safe every day.

What You'll Do:

• Proactively identify and dissect diverse email-borne threats, including sophisticated phishing, Business Email Compromise (BEC), malware campaigns, and pervasive spam.
• Conduct in-depth technical analysis of email headers, content, sending infrastructure, URLs (particularly in the context of phishing and spam), and other message attributes to identify crucial patterns and characteristics of unwanted or malicious email.
• Develop, test, and maintain complex detection signatures and rules in antispam engines (e.g., Rspamd, SpamAssassin etc)
• Monitor threat trends and adapt detection logic to keep pace with evolving attack techniques.
• Collaborate with a global team of Threat Researchers to investigate complex campaigns, share insights, and collectively improve detection efficacy.
• Automate data extraction, in-depth analysis, and the reporting of detection performance and efficacy.
• Query and analyse large datasets utilise platforms such as Clickhouse, AWS Athena etc. identify detection gaps, measure scanner effectiveness, and drive data-informed improvements.
• Document observed Tactics, Techniques, and Procedures (TTPs) related to email-delivered threats and communicate them internally or externally.
• Participate in cross-functional projects with Product, Engineering, and Operations teams to enhance Mimecast's overall security posture and product capabilities.

What You'll Bring:

• Experience with email detection/filtering engines (Rspamd, SpamAssassin, MailScanner, or similar), including rule/signature development.

• Knowledge of the email threat landscape, their associated TTPs, and a strong curiosity to learn about the infrastructure and methodologies behind phishing and malicious email campaigns.
• Understanding of core email protocols (SMTP/POP/IMAP) and authentication standards (DKIM, SPF, DMARC).
• Experience in Python/Lua or other scripting languages, effectively applied to automation, data analysis, and tool development.
• Advanced SQL skills for querying, manipulating, and extracting insights from large, complex datasets.
• Excellent time management and ability to self-prioritize in a fast-paced environment.
• Able to collaborate effectively both in-office and remotely; strong written and verbal communication skills.
• A genuine eagerness to learn continuously, adapt to new challenges, and proactively share knowledge with colleagues.

What We Bring:

Join our Threat Protection team to accelerate your career journey, working with cutting-edge technologies and contributing to projects that have real customer impact. You will be immersed in a dynamic environment that recognizes and celebrates your achievements.

Mimecast offers formal and on-the-job learning opportunities, maintains a comprehensive benefits package that helps our employees and their family members to sustain a healthy lifestyle, and importantly - working in cross functional teams to build your knowledge!

Our Hybrid Model: We provide you with the flexibility to live balanced, healthy lives through our hybrid working model that champions both collaborative teamwork and individual flexibility. Employees are expected to come to the office at least two days per week, because working together in person:

• Fosters a culture of collaboration, communication, performance and learning
• Drives innovation and creativity within and between teams
• Introduces employees to priorities outside of their immediate realm
• Ensures important interpersonal relationships and connections with one another and our community!

The US base salary range for this position is $144,000-$216,000 base + benefits. This reflects the minimum and maximum target for new hire salaries for this position. This position may also be eligible for bonus, incentive plans, and other related benefits. Our salary ranges are determined by role, level, and location. These factors and individual capabilities will also determine the individual pay offered.

#LI-CS1

DEI Statement

Cybersecurity is a community effort. That's why we're committed to building an inclusive, diverse community that celebrates and welcomes everyone - unless they're a cybercriminal, of course.

We're proud to be an Equal Opportunity and Affirmative Action Employer, and we'd encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won't affect your application.

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.