Sr. Security Researcher

SUMMARY

Incident Response is seeking a Sr. Security Researcher for its Cyber Threat Intelligence team to focus on cybercrime activity. The successful candidate will be a self-starting and motivated analyst who will help build Arete's cyber threat intelligence service. This position will be primarily focused on performing countermeasure development, malware reverse engineering, threat hunting, analyzing threats, and tracking known adversaries and emerging threats. The role will contribute to the research and publication of threat insights, internal work products, and intelligence products to be used by Arete's customers and stakeholders. The work may occasionally include after-hours intelligence support during major engagements. A successful analyst will thrive on learning the technical aspects of the tools and techniques used by cybercrime threat actors and finding solutions to challenging problems.

ROLES AND RESPONSIBILITIES

• Develop countermeasures, tools and methods of detection to be use for threat hunting and incident response activities.

• Threat hunting in EDR telemetry data.

• Perform malware reverse engineering (both static and dynamic malware analysis).

• Identify cyber threats, trends, and new malware families and threat actor groups by analyzing Arete's case reports, raw and open-source intelligence.

• Identify and report on the current and changing Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors.

• Create finished intelligence analysis for internal and external customers through written reporting, blog posts, and industry insights to help reinforce Arete as a thought leader in cyber threat intelligence.

• Inform various business units within Arete about new threat actor TTPs.

• Create compelling internal presentations from analysis results.

• Uncover adversary activity not detected by current detection mechanisms.

• Identify intelligence and technology gaps and submit requests to fill those gaps.

• Respond to requests for information from internal and external customers.

• Conduct briefings for customers (via either phone, video conference, webcast, in-person briefing, or industry conference).

• Provide tactical intel and analysis support for DFIR, SOC, and MDR business units.

• Creation of detailed process documentation.

• Other duties as assigned to support the business operations.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified.

SKILLS AND KNOWLEDGE

• Endpoint Detection and Response countermeasure development experience (e.g., SentinelOne).

• Malware reverse engineering experience.

• Motivated self-starter with a passion for countermeasure development, malware reverse engineering and cyber threat intelligence.

• Ability to produce high-quality finished intelligence products within short deadlines.

  Knowledge of how malware is developed, functions, and is employed by cybercrime threat actors.

• Desire to extend knowledge of threat actor TTPs.

• Understanding of the tools and techniques used by cybercrime threat actors.

JOB REQUIREMENTS

• Bachelor's or higher degree in engineering, computer science, information assurance, cyber intelligence, or other cyber security related studies.

• 5+ years of relevant work experience.

• Relevant industry certification.

• Experience

  • Writing EDR countermeasures.

  • Writing Yara rules.

  • Using disassemblers and debuggers.

  • Working with anti-analysis techniques and patching code to bypass checks.

  • Working with encoding and encryption algorithms.

  • Working with ransomware and ransomware precursors

  • Writing malware analysis reports.

  • Writing threat intelligence and technical publications.

• Knowledge of

  • Different Crimeware, Ransomware, Bots, Commodity, and Nation-State malware families

  • Vulnerability exploitation and detection

  • Various open-source and commercial malware analysis tools

  • Sandbox systems

  • Regular Expressions

  • Network traffic analysis

  • Memory analysis

  • Log analysis

  • Working in a fast-paced environment with Digital Forensics and Incident Responders

• Ability to reverse engineer samples of various types such as

  • C/C++

  • .NET

  • Visual Basic scripts, Java scripts, powershell scripts

  • Malicious documents

  • Webshells

  • Shellcode

  • Packed and obfuscated code

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

• No physical exertion is required.

• Travel within or outside of the state.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete's salary and benefit policy

#LI-REMOTE

#LI-HYBRID

Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

When you join Arete…

You'll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we're about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.