Reverse Engineer / Security Researcher - InQuest Austin, TX, United States Bookmark Share Print 1093 26 26

Listing Description

We're a small firm comprised primarily of engineers. The team is currently fully remote though we have a healthy collection of people settled in the regions of Washington, DC and Austin, Texas. A traditionally modeled company, we're profitable and growing organically.

Our product is an on-premise network-based appliance capable of ingesting traffic at up to 20Gbit speeds. Our capture engine is custom developed and inspects application content over the most commonly used network protocols. Reassembled streams are passed through an artifact extractor which produces a queue of files, IPs, domains, etc for threat analysis. Files are passed through a layer we refer to as "post-processing" or "Deep File Inspection (DFI)" in marketing lingo. This proprietary layer is responsible for exposing hidden / layered content. The resulting content is analyzed for threats through a combination of heuristics and threat signatures that we've been developing for years. We'll additionally integrate with sandboxes, multi-AVs, threat feeds, and more. Our final deliverable is a single threat score per session with a detailed receipt of how that score was derived.

The InQuest team works with real-world, high profile networks on a daily basis and draws influences from actual attacks to publish new signatures and intelligence feeds on a regular weekly basis or as needed. In addition to detecting inbound malicious content, we additionally monitor attacker infrastructure to detect any outbound connection attempts to known malicious IP/Domain endpoints. Finally, we utilize our file processing techniques to detect data exfiltration attempts. We dog food our product like no other, resulting in a very tight feedback loop between the lab and the field.

We love our jobs and are looking for a candidate truly passionate about dissecting real-world malware campaigns. You'll write tools to extract hidden content. Write signatures to generically detect threats. Mine data to uncover new actors. Research novel methods for detection. When appropriate, the role will involve publishing technical blog entries. We also encourage larger scale research projects that may be submitted for consideration to security conferences.

Read more at http://www.inquest.netMust be familiar with security technologies in general and intrusion detection systems in particular.

In-depth understanding of a variety of vulnerability classes and attacks.

Experience and passion for analyzing binary and non-binary malware.

Experience with debugging and disassembling x86 code.

Able to dissect and comprehend closed file formats.

In-depth knowledge and experience writing, tuning, and analyzing regular expressions.

Basic Python programming abilities.

Must be able to demonstrate a level of familiarity with real world vulnerabilities, exploits, and payloads.

Capable of reversing basic cryptographic algorithms (mainly used in C2 communications and DGA algorithms).

Knowledge of hacker tactics, techniques and procedures (TTP).

Knowledge of Windows / Windows API, Linux / Linux API.

Knowledge and understanding of packing / unpacking / obfuscation.