- Reverse engineer malware samples in order to characterize their attributes for identification, correlate indicator information to identify larger attack architectures and topologies, and create proof-of-concept software to assist in real-time analysis and tracking of targeted malware families.
- Conduct vulnerability analysis of complex and diverse software systems and network architectures.
- Identify anti-analysis techniques, including encryption, obfuscation, virtual machine detection, and conditional coding for the purpose of identifying tactics, techniques, and procedures used by malware authors.
- Provide subject matter expertise on cyber threats, attacks, and incidents of interest to PhishLabs and our customers, as well as knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels.
- Monitor underground marketplace activity for any new threats being distributed or discussed by cyber actors.
Reverse Engineer Required Skills
- Advanced understanding of Windows and Linux based operating systems as well as the iOS and Android Platforms.
- A Bachelor’s or Master’s degree in Computer Science, Information Systems, or other computer related field.
- Demonstrable experience working with open-source and commercial analysis tools for the purposes of malware reverse engineering, including, but not limited to, decompilers, disassemblers, debuggers, system internals utilities, and network traffic analysis tools.
- Experience with enterprise-level sandbox tools and familiarity with edge and endpoint protection systems.
- Proven ability to analyze and reverse engineer packed or obfuscated code, develop code to monitor botnets, and reverse engineer custom protocols.
- Advanced understanding of operating system internals and Windows API.
- Experience with both SQL and NoSQL data storage solutions as well as the Elasticsearch search and analytics engine, including data implementation and design.
- Experience with security data characterization standards such as STIX, MAEC, TAXII, and CybOX.
- Experience with networking, network protocols, and security infrastructures.
- Experience with financially motivated malware such as banking trojans is preferred.
- Experience with the creation and maintenance of rules to detect malicious activity or code (YARA, Snort, Suricata, etc.).