Senior Malware Analyst (Onsite - New York) - Mandiant New York, NY

Listing Description


Job Description

The Malware Analyst within NYC Cyber Command (NYC3) will specialize in malware analysis, threat actor campaign assessment, and correlation of threat actors to the analyzed malware. When not analyzing malware, the analyst will be expected to perform job functions similar to those of members of the Counter Threat Automation (CTA) team. These include building automation workflows and playbooks that promote malware analysis and enable analysts to efficiently scan and review the results of dynamic analysis, enhancing and building the malware analysis program at NYC3, and building security content from analyzed malicious data found both internally and in the wild.

Following are the expected responsibilities: 

  • Conduct malware analysis and reverse engineering on suspicious code, and produce a detailed report of the findings;
  • Research malware families and variants to distill common characteristics and behaviors;
  • Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures;
  • Review threat information, maintain a threat repository with tagged malware samples and develop a process on archiving and updating this repository;
  • Perform static code analysis and dynamic analysis with a focus on extracting identifiable behaviors that can be used to inform analytic development efforts and the NYC3 defensive posture;
  • Analyze malware obtained from internal and external sources to extract identifiable behaviors and inform analytic development efforts and the NYC3 defensive posture;
  • Partner with the CERT, SOC and Counter Threat Intelligence (CTI) teams during investigations to understand incidents and support technical analysis of malicious cyber security events;
  • Work with the Counter Threat Automation (CTA) team on automation of processes for malware analysis;
  • Build tools to support malware analysis and work with the CTA team to integrate them;
  • Communicate effectively with business executives, technology specialists, and vendors.

Qualifications
  • 4+ years of experience as a Malware Analyst;
  • Have a solid understanding of how malware interacts with different operating systems;
  • Have a solid understanding of dynamic/static analysis of malware;
  • Understand unpacking, deobfuscation, and anti-debugging techniques;
  • Reconstruct unknown file formats & data structures;
  • Experience with reverse engineering tools such as IDA Pro, WinDbg, OllyDbg, Immunity Debugger or similar;
  • Strong knowledge of C/C++, Windows API, and Windows OS internals;
  • Experience in creating malware analysis tools and scripts for accelerating automated malware analysis, unpacking, and extracting data;
  • Understand network protocols and common ways they are employed in attacks;
  • Knowledge of incident response, investigations and crisis management;
  • Knowledge of both host based forensics and network based forensics; 
  • Intermediate experience programming in Python and willingness to learn new languages as needed;
  • Understand source code, hex, binary, regular expressions, data correlation, and analysis of sources such as firewall, network flow, and system logs;
  • Ability to write technical reports;
  • Experience in interacting with major government agencies and authorities around the world;
  • Experience in safely and legally maintaining a network for collection of threat information;
  • Experience reviewing and analyzing Security Events from various monitoring and logging sources;
  • Previous experience working as a part of an IT Security team;
  • Strong sense of teamwork, an inquisitive mind and the desire to share knowledge;
  • Demonstrable work that is reviewable, i.e. GitHub / Bitbucket / GitLab repositories or a portfolio site;
  • Preferred certifications: GREM, GCIA, GCIH.

Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


