Threat Detection Engineer Intern

It’s fun to work in a company where people truly BELIEVE in what they’re doing!

We’re committed to bringing passion and customer focus to the business.

The Role:

This intern role is responsible for aiding in creating detection rules for our Emerging Threats Pro IDS feed product and static detections for threats in email. You’ll learn from seasoned threat detection engineers to write network signatures for our IDS and email defense customers – all to detect malware and credential phishing threats.

As an intern on the Emerging Threats team, you will perform dynamic malware analysis and spend time searching through forensic data to facilitate signature creation, analyze threats, and then make that information meaningful to our customers. You’ll be a part of a team of dynamic and creative threat researchers focused on finding malware, understanding how it works, and using that knowledge to augment our products.

Your day-to-day:

• Write intrusion detection rules for the Snort and Suricata platform

• Write ClamAV rules for internal static processing

• Answer support questions about rule guidance and false positives

• Work with the open-source community to maintain and optimize the ETOpen ruleset

• Research new and past threats, including malware, exploit kits, and vulnerabilities.

• Help maintain the existing expansive ETPRO ruleset through performance tuning and pruning irrelevant rules when necessary

What you bring to the team:

• Experience with network traffic inspection tools, such as Wireshark, tcpdump, Arkime, and Zeek.

• Knowing of PKE & encryption algorithm standards & practices

• Experience with Malware Analysis and Investigation

• Familiarity with writing signatures for the Snort or Suricata IDS platforms.

• Experience with yara rules

• Experience with ClamAV signature creation

• An interest in the cyber-threat landscape

• Familiarity with virtualization technologies, such as VMware products, VirtualBox, KVM, etc.

• Experience with one or more scripting languages. Lua or Python proficiency preferred.

• Experience analyzing and interpreting host, network, and memory artifacts from sandbox environments.

• Experience with PCRE.

• Excellent verbal and written communication skills

• Creativity, enthusiasm for the malware space, and willingness to collaborate with the team

• Must be able to work independently

Candidate Profile:

You have the ability and interest in working remote full-time (a maximum of 38 hours/week) this summer and part-time (a maximum of 20 hours/week) for 9 months afterward. You are currently pursuing an undergraduate degree with a strong academic record. This internship is scheduled to begin in Summer 2025 and continue through 2026 (1-year program).

If you like wild growth and working with happy, enthusiastic over-achievers, you’ll enjoy your career with us!

Proofpoint has been honored with six Best Places to Work Awards in 2024 by workplace culture leader Comparably, including Best Company Career Growth, Best Company Outlook, Best Global Culture, Best Engineering Teams, Best Sales Teams, and Best HR Teams.

To view additional awards, please visit www.proofpoint.com/us/news#awards

Proofpoint thrives on the invaluable contributions of our diverse workforce, which encompasses a kaleidoscope of lived experiences, thoughts, perspectives, and professional expertise. We attribute much of our success to our people, who are at the core of our organization and embody our people-centric ethos.

We hire the most innovative minds globally to safeguard our customers’ sensitive data and intellectual property. Our talented workforce develops and leverages our advanced technology, combining their expertise to provide comprehensive protection against threat actors and mitigate the risks posed by both malicious and negligent employees.

Cyberattacks have the potential to disrupt access to vital resources such as energy, water, transportation, healthcare, and financial services. At Proofpoint, our dedicated team works tirelessly to ensure world-class cyber resilience, protecting approximately 8,000 enterprise customers worldwide.

We are committed to creating a diverse, equitable, and inclusive environment. We work every day to ensure that our employees feel that they are in a community that celebrates their unique identity, cultivates their sense of belonging, and invests in their professional growth. We have 9 employee-led employee inclusion groups which help support both employees and our organization by providing opportunities to network, discuss career and cultural development and uplift the corporate culture to create a more inclusive workplace.

At Proofpoint, we have a passion for protecting people, data, and brands from today’s advanced threats and compliance risks. We hire the best people in the business to:

• Build and enhance our proven security platform

• Blend innovation and speed in a constantly evolving cloud architecture

• Analyze new threats and offer deep insight through data-driven intel

• Collaborate with customers to help solve their toughest security challenges

We are singularly devoted to helping our customers protect what matters most. That’s why we’re a leader in next-generation cybersecurity-and why more than half of the Fortune 100 trust us as a security partner.

Proofpoint is an equal opportunity employer, we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability.

Proofpoint is an equal opportunity employer, we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability.