Malware Researcher / Reverse Engineer III - AWS, GuardDuty

Job summary
Members of the AWS GuardDuty team build customer-facing services that are designed to protect millions of customers around the globe. This is an advanced engineering team that is using cutting edge techniques to help customers assess, monitor and protect their cloud-based resources.

This position will be working on Amazon GuardDuty, which is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help customers protect their AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers. (https://aws.amazon.com/guardduty/)


Key job responsibilities
* Research the latest malware detection evasion techniques, such as use of customized packers and anti-virus (AV) software bypassing. Based on research, you will design and develop signatures and tools to detect and mitigate those threats.
* Work with data scientists to help develop and test detections for attack patterns.
* Build tools and systems to analyze emerging threats.
* Work with customers in response to requests related to suspicious files or false positives that may require reverse engineering.
* Advise broader team on current threat landscape, tools & techniques.
* Influence others while demonstrating significant creativity.



A day in the life
As a Cyber Threat Intelligence Security Engineer, you will reverse engineer and analyze malware to evaluate complex malicious code to determine malware capabilities and purposes. The scope of this role includes researching attack patterns, building attack simulations, active testing of defense strategies, and mentoring data scientists and software engineers. You will interact with many internal security teams to keep up to date with the latest attack techniques.

Basic Qualifications

* BS or MS in Computer Science, Math, or some other quantitative discipline
* 5+ years of experience with malware analysis, reverse engineering
* 5+ years of experience building automated tools in a modern programming language
* 3+ years of hands-on experience in the area of low-level software engineering, like C/C++ or Rust.

Preferred Qualifications

* MS in Computer Science or Computer Engineering or related quantitative discipline
* Data-driven and quantitative mentality. Always backs up ideas with facts.
* Experience with virtualization technologies and familiarity with AWS services
* Strong knowledge of Linux tools and architecture
* Familiarity with reverse engineering tools such as IDA Pro, Ghidra, Windbg or Ollydbg
* Knowledge of modern exploitation techniques and methods for remaining stealthy
* Strong communication skills
* Desire and energy to work in a fast-paced environment
* Meeting/exceeding Amazon’s leadership principles requirements for this role
* Meeting/exceeding Amazon’s functional/technical depth and complexity for this role


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.