Principal Researcher, Botnet & DDoS Threats

A10 Networks

The DDoS threat landscape has crossed a threshold. Botnets like Aisuru and Kimwolf—comprising millions of compromised Android TV and IoT devices and capable of attacks exceeding 24 Tbps and 9 billion packets per second—are no longer edge cases. They are the baseline.

Defeating these threats requires more than external observation. It requires deep visibility into how they are built, how they execute on the wire, and what that means for the systems designed to stop them.

This role sits at the intersection of binary exploitation research and real-world defensive impact. You will reverse engineer active IoT botnet malware, translate findings into detection logic and packet-level attack signatures, and work across engineering, product, and research to ensure insights directly improve detection and customer defense.

What you will do

  • Reverse engineer IoT botnet malware families (Mirai lineage, Go-based L7 flooders, multi-architecture binaries) to understand attack behavior at the implementation and network level. You will reconstruct command structures, decode obfuscation, recover control flows from stripped binaries, and build precise models of how attacks manifest on the wire.
  • Perform dynamic malware analysis in sandboxed and purpose-built lab environments to validate static analysis and observe runtime behavior
  • Design and contribute to novel detection and mitigation approaches based on malware internals and traffic behavior
  • Collaborate with AI/ML teams to integrate automated analysis into research workflows. This is not passive tool usage—you will actively shape how automation is applied to real malware analysis problems.
  • Partner with product engineering to translate research into shipped detection capabilities
  • Lead external-facing research: threat reports, technical blogs, and conference presentations. At principal level, you own the narrative and direction of research output.
  • Engage directly with customers in post-incident analysis, architectural guidance, and strategic threat briefings—clearly explaining both attacker behavior and defensive actions
  • Work alongside senior researchers focused on IoT botnets and large-scale DDoS systems, contributing to and benefiting from a deeply technical peer environment

What you need

  • Strong foundation in binary reverse engineering using tools such as Ghidra or IDA, including static analysis across multiple architectures and experience with stripped binaries and compiler-generated code; you should be comfortable working close to raw assembly and control flow, not dependent on tooling abstraction
  • Hands-on experience with dynamic malware analysis in sandbox or isolated lab environments, using runtime observation to validate and extend static findings
  • Working proficiency in Python and Go
  • Strong understanding of network protocols at the implementation level, including the ability to interpret PCAPs and reconstruct protocol behavior
  • Familiarity with DDoS botnet architectures (e.g., Mirai lineage or equivalent), ideally with direct analysis of binaries rather than secondary reporting. Experience tracking variant evolution across malware families is a strong plus.
  • Ability to communicate complex technical findings clearly across engineering, product, and customer audiences; at this level, communication quality is a core part of technical impact

Nice to have

  • Experience with high-performance packet processing or mitigation systems at the network and transport layers
  • Experience analyzing Go binaries in depth
  • Exposure to malware source code
  • Experience applying ML-assisted or vector-based approaches to malware classification, clustering, or lineage attribution

Tools & environment

Ghidra (headless + GUI), Capstone, GoReSym · Python 3, Go, Scapy, tshark · Any.run, Joe Sandbox, Cuckoo (or equivalent) · custom detonation lab infrastructure · honeypot infrastructure · MalwareBazaar, VirusTotal · macOS or Linux

Targeted compensation guideline: $200,000 - $215,000. Compensation will vary based on a number of factors, including market demand for specific skills, role type, job level, and individual qualifications. Final salary offers are determined by considerations including, but not limited to, subject matter expertise, demonstrated skill level, relevant experience, geographic location, education, certifications, and training.

A10 Networks is an equal opportunity employer and a VEVRAA federal subcontractor. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. A10 also complies with all applicable state and local laws governing nondiscrimination in employment.

#LI-AN1 - Hybrid

Vacancy posted more than 2 months ago
