Jacob Santos
Senior Threat Researcher
Summary
Senior threat researcher with 17+ published articles on ransomware operations, APT campaigns, and defense evasion techniques. Designed and shipped 10+ production security tools adopted team-wide, cutting threat response time from hours to minutes. Recognized with a company innovation award for a proprietary threat intelligence automation system. Delivered advanced threat defense workshops across 5 countries for law enforcement, government agencies, and enterprise organizations.
Experience
Senior Threat Researcher
Jan 2025 — Present · Trend AI · Threat Hunting Team
- Published 17+ research articles and 14 threat intelligence threads on ransomware operations, APT campaigns, cross-platform threats, and defense evasion techniques — reaching global security teams through the company's research platform
- Designed and shipped 10+ production security tools adopted team-wide, including an AI-powered inquiry pipeline that cut threat response time from 2+ hours to under 15 minutes, a unified threat intelligence platform, and Model Context Protocol (MCP) servers that connect AI assistants to 500K+ live threat indicators
- Recognized with a company innovation award for a threat intelligence automation system, with core components adopted into an enterprise product
- Led ransomware spotlight research and APT campaign tracking using structured attribution methodologies (infrastructure hunting, passive DNS pivoting, and C2 mapping) that go beyond traditional atomic IOCs
- Delivered advanced threat defense workshops across 5 countries for multinational law enforcement participants, government cybersecurity agencies, and enterprise security teams; created hands-on labs and CTF challenges for a flagship conference (2 consecutive years)
- Pioneered Generative AI adoption on the team, introducing AI-assisted reverse engineering and forensic analysis workflows that accelerated threat investigations
Threat Hunter / Threat Researcher
Jun 2023 — Dec 2024 · Trend AI · Threat Hunting Team
- Proactively hunted emerging threats using OSINT and internal telemetry — writing YARA rules and performing malware analysis to identify and name previously undetected ransomware families before public reporting
- Performed malware analysis and reverse engineering across Windows, Linux, and .NET binaries (including packed/obfuscated samples), building complete MITRE ATT&CK-mapped attack chains for threat reports and publications
- Built automated hunting dashboards and intelligence gathering tools for daily threat monitoring, reducing manual triage time across the team
- Contributed threat intelligence to multiple ransomware spotlight publications covering major ransomware-as-a-service operations
Cybersecurity Threat Engineer
Oct 2022 — May 2023 · Trend AI · Core Technology Division
- Completed an intensive 6-month malware analysis program covering assembly programming, PE header analysis, and reverse engineering of Win32/Win64, Linux, and .NET binaries, including packed and obfuscated samples; passed every practical, elimination-based exam with zero failures
Technical Skills
Threat Hunting & Research: Ransomware Analysis, APT Campaign Tracking, Malware Analysis, Reverse Engineering, OSINT, MITRE ATT&CK, STIX 2.1, Diamond Model, YARA Rules, Infrastructure Hunting, Detection Engineering, Threat Intelligence, Geopolitical Analysis
Infrastructure Hunting: Shodan, Censys, Passive DNS, WHOIS, SSL Certificate Analysis, Network Fingerprinting
Programming & Development: Python, Node.js, TypeScript, JavaScript, FastAPI, Databricks, FastMCP, MCP SDK, Streamlit, Express, SQLite, WebSocket, REST APIs
AI & Automation: LLM Pipelines, Prompt Engineering, RAG, AI-Assisted Analysis
Analysis Tools: IDA Pro, Ghidra, x64dbg, Wireshark, Burp Suite
Platforms & Tools: VirusTotal, OpenCTI, Confluence, Jira, Linux, Git, Splunk, Elastic/Kibana, Malware Bazaar, DomainTools
Key Projects
- Threat Inquiry Pipeline — AI-powered 9-phase automation pipeline that processes email threat inquiries end-to-end: understanding context, researching internally and externally, enriching IOCs, verifying detection coverage, drafting responses, and publishing documentation — autonomously within minutes
- Threat Intelligence Platform — Full-featured platform curating cybersecurity RSS feeds, news, and articles into actionable intelligence with IOC extraction, detection coverage verification, CTI-ready JSON output, hunting queries, and automated wiki publishing
- Infrastructure Hunting Toolkit — Methodology and tooling for adversary infrastructure identification using internet scanning platforms and passive DNS to track C2 servers and threat actor deployment patterns
- VirusTotal Hunting Automations — Suite of automated threat intelligence gathering tools leveraging VirusTotal APIs for daily malware searches, behavioral analysis, ransomware note extraction, and YARA hunting notifications, plus automated feeds from ThreatFox, Malware Bazaar, and Triage
- Security Data Lake Platform — Databricks-powered web platform for querying billions of security telemetry events to provide IOC context, threat prevalence, and detection coverage across multiple security datasets
Selected Publications
- "Warlock: From SharePoint Exploit to Enterprise Ransomware" — Trend AI Research Blog, Aug 2025
- "Agenda Ransomware Group Adds SmokeLoader and NETXLOADER" — Trend AI Research Blog, May 2025
- "CrazyHunter: BYOVD-Driven Ransomware Targeting Taiwanese Critical Sectors" — Trend AI Research Blog, Apr 2025
- "EDRSilencer: Disrupting Endpoint Security Solutions" — Trend AI Research Blog, Oct 2024
- "Play Ransomware: New Linux/ESXi Variant Targets Enterprise Infrastructure" — Trend AI Research Blog, Jul 2024
- Additional published articles and research threads are listed in the full research portfolio
Speaking & Workshops
- International Workshops — Delivered advanced threat defense programs across 5 countries for international law enforcement participants, government cybersecurity agencies, and enterprise security teams
- Conference Speaker — Flagship cybersecurity conference (hands-on labs + CTF, 2 consecutive years), national technology summits, industry conferences
- Enterprise Talks — Cybersecurity awareness keynotes and workshops for major enterprises in banking, aviation, and retail sectors
Education
Bachelor of Science in Computer Engineering — Polytechnic University of the Philippines, 2022