Senior Malware Researcher

Company Background

Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit ThreatConnect.com.

Job Description

Calling all threat hunters, diamond modelers, and pyramids of pain climbers! The ThreatConnect Research Team is looking for a Senior Malware Researcher with a strong background in reverse engineering malware, threat intelligence analysis, threat actor tracking and signature development. If you have a strong understanding of adversary tactics and techniques, and a stronger desire to use that knowledge in the fight against the adversary, come join us!

The ThreatConnect Research Team is a group of Threat Intelligence Researchers dedicated to creating actionable intelligence by identifying and exploiting attack patterns related to the nation-state, criminal, and ideological cyber threats. We share that intelligence with others to help them defend against threats, and also develop, capture, and share our tradecraft to help our users develop and implement their threat intelligence processes.

Responsibilities Include

• Hunt for threat activity in our data collection systems using YARA and other signatures
• Analyze malware and infrastructure using a disassembler (IDA Pro, Ghidra, etc.)
• Develop tactical and strategic intelligence in ThreatConnect
• Create, test, and document analytic techniques to make research repeatable
• Collaborate with other team members to create ThreatConnect malware analysis solutions (Playbooks, Workflows, etc.)
• Share research findings, tradecraft, and associated signatures and detection analytics within ThreatConnect and beyond (blogs, webinars, conferences)
• Curate and help prioritize collected threat data
• Teach our users about your findings and processes
• Provide subject matter expertise to other teams to improve ThreatConnect

Things You Will Do

• Apply your experience and expertise to help guide the direction of the ThreatConnect Research team
• Leverage various malware and network infrastructure data sets to hunt for new threats and enrich/analyze existing ones
• Help others defend themselves by publishing compelling intelligence and sharing tradecraft
• Interface with various teams across ThreatConnect to provide subject matter expertise

1-3-6-12 Month Plan

On day one we'll expect you to...

• Analyze a malware sample to identify characteristics such as malware family, ATT&CK techniques, and related files and network indicators
• Understand basic threat intelligence frameworks such as the intelligence cycle, diamond model, pyramid of pain, and MITRE ATT&CK
• Write a basic threat intelligence report outlining a campaign, threat actor, intrusion set, etc.
• Follow a process to assess confidence in maliciousness of IOCs and identify and eliminate false positives
• Begin learning the ins and outs of the ThreatConnect platform

At 3 months we'll expect you to...

• Create a process for analyzing malware of interest to the Research team
• Regularly share intelligence findings and tradecraft in ThreatConnect
• Develop signatures based on adversary attack patterns to hunt for additional related capabilities and infrastructure

At 6 months we’ll expect you to...

• Lead “Day in the Life” calls with customers and prospects, explaining how we use ThreatConnect in our day to day research
• Be knowledgeable of the features of the ThreatConnect platform
• Write blogs about your research findings and/or tradecraft

At 12 months we’ll expect you to...

• Lead research projects around data collection, analysis, enrichment, or other relevant aspects of the Research team’s work
• Develop new analytic techniques and help deliver those to our users through various platform features

Our Team Culture…

We’re huge fans of puzzles and problem solving and strive to make the world a better place by channeling that passion in our Threat Intel research. We welcome constructive criticism from our peers and are comfortable challenging each other when appropriate. We care about each other as people, not just as co-workers.

This Job is Awesome Because...

• Joining a small team allows for the ability to truly make an impact
• Access to cutting edge security tools
• Attend Black Hat/DEFCON in addition to a variety of summits, conferences, and events event on behalf of ThreatConnect

More About Our Team...

• Our team is entirely remote and located across the US (PNW, Midwest, and DMV areas)
• Our team regularly partners with Journalists, Human Rights Groups, and Civil Society Organizations to help with their ability to defend themselves against state-sponsored attacks

Requirements

Required Qualifications

• 5+ years of experience in cyber threat intelligence analysis and investigation
• 3+ years of experience in reverse engineering malware
• Strong understanding of threat data enrichment and pivoting as it relates to malware and network infrastructure
• Strong verbal and written communication skills, with demonstrated works such as research, presentations, blogs, whitepapers, etc.
• Experience writing detection signatures such as YARA, Snort, and Sigma
• Familiarity with threat intelligence concepts and frameworks (Diamond Model, etc.)
• Familiarity with one or more cyber security data models (ThreatConnect data model, STIX, MISP, etc.)
• Ability to work remotely, both on independent tasks and on highly collaborative team projects
• Ability to travel occasionally to attend conferences, deliver workshops, and participate in team onsite meetings
• Bachelor’s degree in a work-related discipline or equivalent experience considered

Desired Qualifications

• Experience in Incident Response, Security Operations, and/or supporting Computer Emergency Response Teams
• Fluency in a foreign language
• Industry Certifications such as GIAC/SANS or CISSP

Added Bonus if You Have

• Previously published and/or presented threat intelligence research (or relevant security research)
• Fluency in Russian, Arabic, Chinese, or Korean

Benefits

Work-Life Balance:

• Unlimited Paid Time Off (PTO)
• Employee recognition program with quarterly awards
• Employee referral program
• Military leave options available
• Education reimbursement program for job-related college courses and professional training
• Quarterly events with your geographic team
• Annual company party

Medical:

• MEDICAL PREMIUM FOR INDIVIDUALS AND FAMILIES ARE 100% COVERED
• Prescription drug coverage
• Dental coverage
• Vision coverage
• Company-paid short term and long term disability
• Company-paid insurance and AD&D coverage
• Pet Insurance

Financial:

• 401K retirement savings plan with company matching program up to 6%
• Health Savings Account
• Flexible Spending Accounts (medical, dependent care, transit and parking)
• Cell phone stipend
• Paid Parental Leave
• Paid Bereavement Leave