Senior Cyber Attack and Exploit Researcher - Palo Alto Networks Reston, VA or Santa Clara, CA

Listing Description

The Senior Cyber Attack and Exploit Researcher will focus on the identification of actively exploited vulnerabilities and post-exploitation methodologies present in hack tools, attack frameworks, targeted attack campaigns, and public POC availability. This requires a cross-disciplined approach involving open source intelligence analysis, crawler and honey client deployment, and leveraging the attack telemetry returned by the Palo Alto Networks enterprise security platform.

A strong focus on automation and scripting is desired, with expected manual analysis of newly discovered threats. Core to this role is the creation of durable detection signatures (both heuristic and byte level) as well as categorization of discovered threats.

Produce and test durable detection/mitigation strategies for the Palo Alto product set (IPS, WildFire, Traps, AutoFocus, LightCyber).

Leverage internal and external data sources to actively hunt for new exploit detections, correlated threat campaigns and web-based exploits.

Collect open source information for aggregation into our intelligence repository.

Reverse engineer/analyze exploit code, vulnerabilities, and attacker tools to assess their functionality, origin and purpose.

Develop tools to assist with automation of collection and processing of threat data.

Perform coverage and capability gap analysis of the Palo Alto product set, ensuring true-positive, fully contextual detections.

Respond to Requests for Information (RFIs) from our consumer organizations within Palo Alto Networks.

Qualifications:

Strong background in Red Team tools and techniques including exploitation and post-exploitation frameworks.

Excellent written and verbal communication skills, and experience working on remote teams.

Strong understanding of networking, databases and tool development, including Python.

Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.

Understanding of exploit and malware reverse engineering and analysis.

Understanding of vulnerability discovery and severity assessment methodologies.

Experience developing and deploying effective countermeasures (Yara, Snort, SIEM Correlation Rules, etc.)

Prior use of malware analysis tools such as IDA Pro, Hex-Rays Decompiler, OllyDbg, Immunity Debugger and Yara.

Prior use of network analysis tools such as Wireshark, TCPDump and Scapy.


Listing Details

  • Citizenship: No Requirements
  • Incentives: Both
  • Education: No Requirements
  • Travel: No Travel
  • Telework: Optional Telecommute


