Senior Threat Researcher - ReversingLabs Remote, OR, USA

Listing Description

Description

At ReversingLabs, our application security and threat intelligence solutions have become essential to advance Cybersecurity around the globe. We're now on a journey to expand adoption and accelerate growth, funded by our recent Series B investment, to hire top talent across the security industry.

This is a game-changing opportunity. We know every application threatens businesses with new supply chain risks. ReversingLabs is the only company that can dissect any binary at the speed, scale, and explainability to protect the enterprise end-to-end.

Our vision is clear: arming every company with the insight to ensure every piece of software built or bought is secure and can be trusted, and that every threat is detected. We are seeking extraordinary talent to help forge this transformational journey at ReversingLabs.

As the Senior Threat Researcher, you will be based in the United States (Boston-area or remote) and will independently perform threat analysis and produce reports using ReversingLabs and other tools at our disposal.

Requirements

  • Malware operations experience
  • Understanding of threat detection
  • Knowledge of research/collection skills, threat intelligence services, and analytical methods
  • General understanding of threat/risk management and threat/risk assessment
  • Experience in a security operations center or similar environment responding to incidents
  • Familiarity with tools used in cyber-intrusions
  • 5+ years experience conducting dynamic and static analysis of malicious software
    • Experience using disassemblers, decompilers, and debuggers
    • Experience analyzing malicious documents and obfuscated scripts
    • Experience unpacking samples and reconstructing code logic
    • Experience analyzing shellcode
    • Understanding of Windows OS internals
  • Experience writing YARA, SNORT, and SIGMA rules
  • Familiar with using MITRE ATT&CK
  • Have strong knowledge of cyber-crime malware families and groups
  • Familiar with most common and exploited CVEs
  • Excellent writing skills
  • Willingness to present at top tier security conferences
  • Familiar with underground forums
  • Capable of automating tasks with Python scripting
  • Familiarity with host-based operating system APIs
  • Ability to apply confidence and severity scoring to heuristic detections
  • Threat Hunting and Incident response experience
  • Ability to work independently with little support
  • Strong analytical and problem-solving skills
  • Self-motivated to improve knowledge and skills
  • Ability to work and collaborate in a remote team
  • Customer enabled and focused
  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience
  • Experience refining source information and raw data into intelligence products
  • Knowledge of malware packers, obfuscation techniques, and exploit kits
  • Deep understanding of operating systems internals and the Windows API

What you will do:

  • Proactively hunt and monitor the cyber-crime landscape to identify new threats, actors, or malware families as well as changes to the existing ones.
  • Analyze and/or reverse-engineer the behavior of malware using both static and dynamic analysis tools and techniques.
  • Stay up to date on threats, and write/update existing YARA, SNORT, and/or SIGMA rules to improve threat hunting and monitoring capabilities.
  • Provide subject matter expertise in the detection, analysis, and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.
  • Identify requirements for new threat analysis capabilities and contribute to their development.
  • Support the selection and maintenance of threat analysis systems and toolsets.
  • Produce high-quality threat reports/blogs on cyber-crime activities detailing attributes and functionality of malware and/or actor TTPs (including indicators that can be used for malware identification/detection, the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors).
  • Present threat research at top tier security conferences
  • Document and share relevant threat findings internally
  • Collaborate with internal teams to help prioritize detection capabilities and provide raw intel for further analysis and reporting
  • Operate semi-autonomously to conduct collection, create solutions, and support intelligence production per the standard operating procedures, with minimal guidance from your supervisors

Benefits

  • Competitive compensation packages (base & bonus)
  • Medical with deductible reimbursements
  • Employer paid dental, vision, disability & life insurance
  • 401k
  • Flexible Spending Accounts (health & dependent)
  • 3 weeks vacation, sick & personal time off
  • Pet insurance and more!
  • Opportunities for advancement
  • Innovative and collaborative work environment


Listing Details

  • Salary: $160000 - $170000
  • Citizenship: Not Provided
  • Incentives: Bonus
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Full Telecommute


