Principal Security Researcher

Prelude is a technology company that helps organizations proactively ask questions of their security systems to know if their defenses are protecting them from the latest threats. Built around the notion of visibility, our products conduct continuous probing that elicits answers to questions ranging from basic health checks to vulnerability to latest threats - across production environments. We are focused on bringing innovation to detection engineering, with custom detections and responses being brought to the user at machine speed.

Prelude is seeking a Principal Security Researcher to conduct in-depth technical analysis of modern and adaptive adversary tactics, enabling the development of relevant tests and effective/precise detections within Prelude’s products. As a subject matter expert, you will specialize in one or more areas crucial to Prelude's research, such as intelligence analysis, red team operations, malware development, reverse engineering, or detection engineering. Success in this role hinges on delivering high-quality research, driving innovation, adapting swiftly, and fostering collaboration across teams and business units.

• Conduct in-depth research on operating system internals to pinpoint sources of defensive telemetry crucial for detecting adversary tactics

• Analyze modern adversary tradecraft, deciphering technique relevance, inner workings, and detectability

• Translate and implement research findings into actionable improvements for Prelude's products

• Produce high-quality, public-facing security research content, including blog posts and conference talks

• Stay abreast of cutting-edge offensive and defensive security techniques through continuous self-study and research

• Serve as the subject matter expert in adversary tradecraft and security operations, supporting other business units on their projects as needed

• Support other Researchers on the team with their research and actively engage in team-driven initiatives

• Support all Prelude products and initiatives as the need arises

5+ years of experience in one or more of the following areas:

• Detection engineering, specifically, writing robust, production-scale queries in any major EDR

• Offensive security, specifically red team operations or purple teaming

• Malware development, ideally using C, C++, C#, Go, or Rust

• Primary source intelligence collection and technical analysis, targeting both open and closed sources  (Note: geopolitics and attribution are not in scope)

Deep knowledge of Windows operating system internals and reverse engineering

• Commonly used tools: IDA Pro, Binary Ninja, Ghidra, and WinDbg

Strong understanding of how modern EDRs/XDRs work internally

Ability to explain complex technical concepts and research outputs to both executive-level and highly technical consumers

Aptitude for working in a fast-paced, adaptive startup environment

• Understanding of cloud-based tradecraft (Azure and AWS preferred)

• Prior software development experience, especially using Rust

• Kernel-mode software (i.e., driver) development experience

We're a small, distributed team across the US & Canada that takes pride in high-quality and rapid product development. We get together annually for company offsites, and encourage co-working when possible.

We offer generous healthcare coverage for individuals and dependents, have flexible PTO and holidays, and actively encourage our team to take time off to decompress. We also offer equipment and educational reimbursements.

We recognize the deep-rooted issues of homogeneity in the tech industry and highly encourage people of all backgrounds and life experiences to apply. We're striving to build a product that's accessible and useful for everyone, and firmly believe that diversity within our team is important in that pursuit.