We're a fully distributed team and as required by federal law this role is open only to any US citizen based in the US.

Why Sublime

Nation states, criminal organizations, and lone wolves attempt to phish businesses, non-profits, and governments 24/7/365. When they succeed it can be extraordinarily destructive, disrupting coronavirus research, impacting a US presidential election, or damaging a country’s national defense. Email is the #1 attack vector, and last year phishing cost US businesses over $9B in direct financial losses.

Security professionals deserve superpowers that make them the heroes in this fight.

What we do

Sublime is making email security programmable.

Many companies have tried to solve phishing using black box ML. They've failed for the past 20 years. We're taking a different approach - we've created a DSL to enable security professionals, IT admins, and academic researchers to quickly develop new phishing detection rules. These new, community-built rules can be powered by arbitrary sets of ML models, 3rd party enrichment services, and custom functions. All backed by a GitHub-like system for version control that makes sharing and collaboration easy for the first time ever.

Here's an example of a moderately sophisticated phishing detection rule that is written in Sublime's Message Query Language (MQL):

// rules can detect inbound, internal, or outbound messages
type.inbound

// identify credential theft language in the body using NLU
and any(ml.nlu_classifier(body.current_thread.text).intents,
        .name == "cred_theft" and .confidence == "high"
)

// suspicious sender signals
and (
  beta.whois(sender.email.domain).days_old <= 30
  or profile.by_sender().days_known < 10
  or not profile.by_sender().solicited
)

To see more rule examples and for a deeper dive into Sublime, check out our docs or open-source rules feed.

Role

Hiring manager: @Samuel Scholten

At Sublime, our threat analysis team is pivotal in ensuring the security and trustworthiness of our email ecosystem. We are searching for a detail-oriented and experienced Email Security Analyst to strengthen our team. In this role, you will be the frontline in identifying, analyzing, and labeling email threats. Your insights will provide invaluable feedback to our detection engineering and data science teams, enhancing our overall system's resilience against malicious activities.

Responsibilities

Email Review & Classification: Regularly review incoming emails and classify them based on threat categories such as credential phishing, malware delivery, BEC, spam, etc.
Email Threat Identification: Familiarity with the email threat landscape, identify and analyze emerging email-based threats, ensuring that they are accurately labeled and documented.
Data Labeling & Analysis: Contribute to our machine learning initiatives by labeling email datasets, helping in training more efficient detection models.
Trend Analysis: Analyze telemetry and other data sources to identify trends and patterns in phishing attacks and other email-based threats.
Collaborate with Engineering Teams: Provide feedback and insights to our threat detection engineers, ensuring that detection rules are up-to-date and effective.
Performance Metrics: Understand and work with False Negatives (FN), False Positives (FP), True Negatives (TN), and True Positives (TP) to assess and improve detection capabilities.
Research & Education: Stay updated with the latest in email security and threat landscapes. Share insights and knowledge through blog posts, social media channels, and potentially at conferences.
Continuous Improvement: Recommend improvements to existing processes and tools based on daily findings and evolving threat patterns.

Requirements

Familiarity with the email domain and the associated security challenges.
Comprehensive understanding of the email-based threat landscape, including but not limited to credential phishing, malware delivery, BEC, and spam.