Principal Researcher, Botnet & DDoS Threats

Principal Researcher, Botnet & DDoS Threats The DDoS threat landscape has crossed a threshold. Botnets like Aisuru and Kimwolf—comprising millions of compromised Android TV and IoT devices and capable of attacks exceeding 24 Tbps and 9 billion packets per second—are no longer edge cases. They are the baseline. Defeating these threats requires more than external observation. It requires deep visibility into how they are built, how they execute on the wire, and what that means for the systems designed to stop them. This role sits at the intersection of binary exploitation research and real-world defensive impact. You will reverse engineer active IoT botnet malware, translate findings into detection logic and packet-level attack signatures, and work across engineering, product, and research to ensure insights directly improve detection and customer defense. What you will do Reverse engineer IoT botnet malware families (Mirai lineage, Go-based L7 flooders, multi-architecture binaries) to understand attack behavior at the implementation and network level. You will reconstruct command structures, decode obfuscation, recover control flows from stripped binaries, and build precise models of how attacks manifest on the wire Perform dynamic malware analysis in sandboxed and purpose-built lab environments to validate static analysis and observe runtime behavior Design and contribute to novel detection and mitigation approaches based on malware internals and traffic behavior Collaborate with AI/ML teams to integrate automated analysis into research workflows. This is not passive tool usage—you will actively shape how automation is applied to real malware analysis problems Partner with product engineering to translate research into shipped detection capabilities Lead external-facing research: threat reports, technical blogs, and conference presentations. At principal level, you own the narrative and direction of research output Engage directly with customers in post-incident analysis, architectural guidance, and strategic threat briefings—clearly explaining both attacker behavior and defensive actions Work alongside senior researchers focused on IoT botnets and large-scale DDoS systems, contributing to and benefiting from a deeply technical peer environment What you need Strong foundation in binary reverse engineering using tools such as Ghidra or IDA, including static analysis across multiple architectures and experience with stripped binaries and compiler-generated code; you should be comfortable working close to raw assembly and control flow, not dependent on tooling abstraction Hands-on experience with dynamic malware analysis in sandbox or isolated lab environments, using runtime observation to validate and extend static findings Working proficiency in Python and Go Strong understanding of network protocols at the implementation level, including the ability to interpret PCAPs and reconstruct protocol behavior Familiarity with DDoS botnet architectures (e.g., Mirai lineage or equivalent), ideally with direct analysis of binaries rather than secondary reporting. Experience tracking variant evolution across malware families is a strong plus Ability to communicate complex technical findings clearly across engineering, product, and customer audiences; at this level, communication quality is a core part of technical impact Nice to have Experience with high-performance packet processing or mitigation systems at the network and transport layers Experience analyzing Go binaries in depth Exposure to malware source code Experience applying ML-assisted or vector-based approaches to malware classification, clustering, or lineage attribution Tools & environment Ghidra (headless + GUI), Capstone, GoReSym · Python 3, Go, Scapy, tshark · Any.run, Joe Sandbox, Cuckoo (or equivalent) · custom detonation lab infrastructure · honeypot infrastructure · MalwareBazaar, VirusTotal · macOS or Linux AI Use Guidelines for Interviews: Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work, your application may not move forward in the process. Targeted compensation guideline: $200,000 - $215,000. Compensation will vary based on number of factors, including market demand for specific skills, role type, job level, and individual qualifications. Final salary offers are determined by considerations including, but not limited to, subject matter expertise, demonstrated skill level, relevant experience, geographic location, education, certifications, and training. A10 Networks is an equal opportunity employer and a VEVRAA federal subcontractor. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. A10 also complies with all applicable state and local laws governing nondiscrimination in employment. #LI-AN1 - Hybrid