Senior Cyber Intelligence Analyst | Remote

About The Position

Requirements

• 2-3 years' experience as Security Operations Center (SOC) Analyst including Incident Response and Handling roles
• Experience in Malware Reverse Engineering and Sandboxing
• Experience with SIEM Technology
• Significant experience with Linux, TCP/IP, UNIX, MS-Windows, IP Routing, Firewalls and IPS
• Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
• Deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats
• Demonstrated experience using Open Source (OllyDbg, Radare, GDB, etc.) malware analysis tools
• Ability to analyze shellcode, and packed and obfuscated code, and their associated algorithms
• Ability to develop network and host based signatures to identify specific malware. Recommend heuristic or anomaly based detection methods
• Subject matter expertise in the detection, analysis and mitigation of malware
• Experience with Information Security Research, Malware Reverse Engineering, Cyber Threat Analysis, Windows Operating System and Data Analysis
• Knowledge of Research skills, Technical Writing, Information Security Research, Security Incident Response, Security Risk Assessment/Analysis
• Must be currently located in the same geographic location as the job or willing to relocate yourself –Required.

Nice To Haves

• Bachelor’s Degree or International equivalent - Preferred
• Experience with multi-cloud technologies such as Google Cloud, Azure and AWS

Responsibilities

• Assesses, prioritizes and takes action on requests that improve existing Security Operation Center (SOC) tools and procedures.
• Partners with management to coordinate security incident response efforts to communicate information, drive resource actions and decisions, provide recommendations, and ensure resolution.
• Evaluates and analyzes complex malicious code through the use of tools including disassemblers, debuggers, hex editors, un-packers, virtual machines and network sniffers.
• Conducts reverse-engineering for known and suspected malware files.
• Investigates instances of malicious code to determine attack vector and payload, and to determine the extent of damage and data exfiltration.
• Performs research in the area of malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions.
• Produces reports detailing attributes and functionality of malware, and indicators that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques.
• Analyses the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors.