Cybersecurity Research Engineer – Honeypot

C3iHub, IIT Kanpur · Kanpur Nagar District

Cowrie, Dionaea, Honeytrap, Conpot, OpenCanary, T-Pot, Linux, TCP/IP, DNS, HTTP, SMB, SSH, Python, Bash, MITRE ATT&CK, Diamond Model, Cyber Kill Chain, Modbus, DNP3, IEC 104, BACnet, Memory forensics, Sandboxing tools

Job description

About the role

We are looking for a highly skilled Cybersecurity Research Engineer specializing in honeypot technologies. The role focuses on designing deception‑based security systems, conducting deep adversary analysis, and providing actionable intelligence to support threat hunting and incident response.

Key responsibilities

  • Design, deploy, and manage low‑, medium‑, and high‑interaction honeypots across IT, cloud, and OT environments.
  • Develop custom honeypots and decoys to profile specific threat actors and track campaigns.
  • Monitor, analyze, and triage telemetry from honeypots, including network traffic, system logs, and malware artifacts.
  • Perform APT attribution using TTP analysis mapped to the MITRE ATT&CK framework.
  • Correlate honeypot intelligence with external threat feeds, OSINT, malware reports, and darknet sources.
  • Support incident response and threat hunting teams with actionable intelligence and research‑grade reports.
  • Continuously research emerging APT campaigns, zero‑day exploitation trends, and new deception techniques.

Required profile

  • B.Tech / M.Tech / MSc in Computer Science, Cybersecurity, or a related field.
  • Hands‑on experience with honeypot frameworks such as Cowrie, Dionaea, Honeytrap, Conpot, OpenCanary, or T‑Pot.
  • Strong understanding of APT tactics, techniques, and procedures, kill‑chain analysis, and adversary tradecraft.
  • Proficiency in Linux system administration and networking protocols (TCP/IP, DNS, HTTP, SMB, SSH).
  • Experience linking infrastructure, malware families, and behaviors to known or emerging threat groups.

Required skills

  • Python and Bash scripting for automation and data analysis.
  • MITRE ATT&CK, Diamond Model, and Cyber Kill Chain frameworks.
  • OT/ICS protocols such as Modbus, DNP3, IEC 104, BACnet.
  • Memory forensics and sandboxing tools.
  • Knowledge of C2 infrastructure, payload delivery mechanisms, and lateral movement techniques.

Frequently asked questions

The salary is not publicly disclosed by the recruiter. You can apply and negotiate directly with C3iHub, IIT Kanpur.

Published 11 hours ago

Expires 1 month from now
