Listing Description
PwC’s Global Threat Intelligence team is seeking a reverse engineer to augment our technical threat research capability and contribute to bespoke malware analysis, tool prototypes, and intelligence collection systems and infrastructure.
PwC’s Global Threat Intelligence practice focuses on the identification of novel intrusion techniques and tracking of several hundred threat actors, ranging from organised crime groups to state affiliated espionage actors, originating from more than 25 countries.
The practice is responsible for the development and delivery of technical and strategic threat research and intelligence services and provides:
- Subscription and bespoke research services to public and private sector intelligence clients globally;
- Intelligence support to, and collection from, incident response and managed threat hunting teams;
- Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and,
- Access to cutting-edge research to inform and underpin all services provided by PwC’s several-thousand-strong cyber security consulting practice.
As part of the technical team within PwC’s Global Threat Intelligence practice you will have extensive access to new malware samples and tools from open, closed and commercial sources, and from security services provided to PwC’s vast client base, which spans more than 150 countries and ranges from NGOs to the world’s largest corporates. You’ll get to research, document and track malware families from a wide variety of organised crime and espionage actors, develop scripts and tooling to enhance and streamline our analysis processes, and develop custom modules for bespoke intelligence collection systems such as our IPv4 scanning infrastructure and artifact processing pipeline.
Responsibilities
If you’re interested in low-level analysis and in developing capability to tackle sophisticated technical adversaries, we’re keen to talk to you. We expect you will already be able to demonstrate experience in one or more of the following areas:
- Developing technical collection and tracking techniques to identify new malware of specific interest and variants of known malware.
- Familiarity with Windows system internals, persistence techniques, advanced malware techniques, etc.
- Familiarity with common vulnerability exploitation techniques and the ability to recognise them in shellcode.
- Supporting the generation of analytic content, detection concepts, and network- and host-based detection methods.
- Static and dynamic reverse engineering using tools such as Ghidra or IDA Pro to identify and classify new samples and to understand C2 protocols and functional capability.
- Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
- Contributing to the threat intelligence knowledge base and technical reporting.
- Coaching and training junior technical analysts in low level analysis.
Desirable but non-essential skills
- Knowledge of open source and commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, visualisation tools like Maltego, and relational and NoSQL databases for information storage and analysis;
- Baseline knowledge of threat actors, attribution concepts, and high-profile cyber incidents;
- Expertise in Python;
- Competency exploiting common intelligence datasets, including commercial repositories of information relating to malware and internet data (domain, IP, netflow, certificate tracking etc.), and closed sources including incident response and other bespoke collection; and,
- Language skills, in particular Mandarin, Cantonese, Russian, or Persian/Farsi.
Listing Details
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: No Travel
- Telework: Optional Telecommute