Information Security Engineer - Black Lotus Labs Threat Researcher (Crimeware)

About Lumen

Lumen connects the world. We are igniting business growth by connecting people, data and applications - quickly, securely, and effortlessly. Together, we are building a culture and company from the people up - committed to teamwork, trust and transparency. People power progress.

We're looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future.

The Role

Black Lotus Labs is seeking a Security Engineer on the Research & Analysis team to specialize in Threat Research with an emphasis on the Crimeware and Ransomware ecosystem, proactively identifying and disrupting adversary infrastructure. This team leverages Lumen's global visibility of one of the world's largest and most interconnected IP backbones and a petabyte-scale compute cluster to perform cutting edge threat research, hunting and tracking advanced persistent threat actors (APTs) and emerging criminal activity as the threat actors traverse the internet. They empower customers to stay ahead of the evolving threat landscape.

Location

This is a remote position open to candidates based anywhere in the U.S.

The Main Responsibilities

Conduct threat research across technical data sets, fusing Black Lotus Labs telemetry with third party data sets, to automate detection of the latest threat attacker tools, techniques and procedures (TTPs) with a goal of automating detection.

Use industry-leading technical knowledge of adversary capabilities and infrastructure and define, develop, and implement techniques to lead the team in tracking sophisticated adversaries, delivering actionable threat intelligence data to Lumen customers.

Serve as Threat Research Subject Matter Expert, offering guidance and support to the Black Lotus Labs team on threat hunting activities, such as identifying knowledge gaps, troubleshooting technical challenges, developing solutions, and mentoring team members in overcoming obstacles. Set priorities for what threats to analyze to maximize team's impact.

Lead and enhance threat hunting operations by actively engaging with other research teams, building strong partnerships to achieve shared goals, exploring new data sources, and mentoring team members in executing workflows and solving complex challenges.

Provide expert analysis and strategic insights on emerging threats and vulnerabilities, translating complex technical information into actionable intelligence for executive leadership and external stakeholders.

Spearhead thought leadership initiatives by leading Black Lotus Lab's voice at security conferences and internal executive briefings.

What We Look For in a Candidate

Fluency in the ransomware attack chain, adversary TTPs, and detection techniques with an emphasis on detections of adversary infrastructure using network telemetry.

Proven experience in threat hunting and in-depth technical security research, demonstrating a strong track record of successfully identifying, tracking, and disrupting cybercriminal threat actors.

Deep understanding of advanced threat hunting methodologies, attacker tactics, techniques, and procedures (TTPs), and the ability to derive actionable threat hunts from complex data sets.

Demonstrated experience building prototype threat hunting solutions and large data analysis tools with Python (or other equivalent languages) on distributed computing frameworks.

Proven experience initiating and coordinating technical projects focused on telemetry collection, TTP based threat hunting, or developing threat hunt tools that have cross-organization impact on threat visibility, including leading private-public partnerships and multi-company collaborations.

Exceptional communication and presentation skills, including the ability to clearly and concisely convey complex technical information to both technical and non-technical audiences, ranging from executives and board members to conference attendees and internal stakeholders.

Experience developing threat research thought leadership such as blogs and presenting at industry conferences and in the media.

Highly organized with the ability to manage multiple tasks, prioritize effectively, and triage competing demands in a fast-paced environment.

Proven ability to lead and manage complex technical projects, effectively driving them to successful completion.

Well-experienced candidates may also have the following skills :

Proficiency in malware reverse engineering and incident response.

5+ years of experience leading teams of technical threat discovery professionals.

Software development experience in Docker and big data technologies like Hadoop, Spark, and Tensor Flow.

Compensation

This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.

Location Based Pay Ranges :

$129,639 - $172,852 in these states : AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY.

$136,121 - $181,494 in these states : CO, HI, MI, MN, NC, NH, NV, OR, and RI.

$142,603 - $190,137 in these states : AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA

#GSS

#LI-MG1

Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and / or sales compensation) as you move through the selection process.

Learn more about Lumen's :

Benefits ()

Bonus Structure

Requisition # : 340001

Background Screening

If you are selected for a position, there will be a background screen, which may include checks for criminal records and / or motor vehicle reports and / or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page () . Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Equal Employment Opportunities

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer

The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions.

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name.

Application Deadline

11 / 03 / 2025