Lead Security Researcher – Malware Research
Remote - Ontario
Arctic Wolf
Arctic Wolf delivers dynamic 24x7 cybersecurity protection tailored to the specific needs of your organization. Ready to boost your security posture? Ready to further your career in the fast-paced, exciting world of cyber security?
About the Team
Arctic Wolf Labs is the research-focused division at Arctic Wolf focused on advancing innovation in the field of security operations. The mission of Arctic Wolf Labs is to develop cutting-edge technology and tools that are designed to enhance the company’s core mission to end cyber risk, while also bringing comprehensive security intelligence to Arctic Wolf’s customer base and the security community-at-large. Leveraging the more than two trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for performing threat research on new and emerging adversaries, developing advanced threat detection models, and driving improvement in the speed, scale, and detection abilities of Arctic Wolf’s solution offerings. The Arctic Wolf Labs team comprises security researchers, threat intelligence researchers, data scientists, and security development engineers with deep domain knowledge in artificial intelligence (AI), security R&D, as well as advanced threat methods and technologies.
About the Role
A Lead Security Researcher, Malware Research is a subject matter expert in the areas of OS internals; static and dynamic malware analysis; signature development; reverse engineering; anti-analysis techniques and countermeasures. You will work closely with other security researchers to automate the detonation, detection, and classification of malware at scale and to extract high-fidelity intelligence as a result. If you love analyzing malware, understanding its behavior, and defeating evasions to extract intelligence that informs defense, then this is a great opportunity to join a rising security research team.
Responsibilities Include:
Maintain a thorough and in-depth understanding of the malware landscape
Reverse engineer malware to thoroughly understand its behavior
Reverse engineer malware to uncover anti-analysis techniques
Leverage knowledge gained from reversing to:
Develop high-quality static and behavioral signatures
Extract malware configuration data and other IOCs
Propose and/or implement effective anti-analysis countermeasures
Contribute to the development and maintenance of modern analysis pipelines, tooling, and methods: orchestrated static, dynamic, and symbolic analysis; userland, kernel-mode, and VMI-based instrumentation
Provide research and subject matter expertise in support of ML model development, advanced IR activities, and priority intelligence requests
Document research findings in the form of malware profiles and/or blogs
Support the technical growth and development of the team and its members
Attend training, seminars or webinars that enhance your current knowledge base and skill set to improve job performance and efficiency.
About You
Prior experience in an advanced technical and analytical security role, e.g., Digital Forensics and Incident Response (DFIR) Analyst, Consultant, Security Researcher, Detection Engineer or equivalent
Demonstrated experience with relevant static and dynamic malware analysis tools (e.g., IDA Pro, debuggers, sandboxing)
Highly proficient in reverse engineering Windows malware; experience reversing Linux and/or macOS malware is a plus
Deep understanding of Windows internals and APIs
Strong knowledge of x86/x64 assembly language
Machine-level understanding of C/C++ and higher-level language constructs (Golang, Rust, VBA, JS preferred)
Working knowledge of the PE file format (ELF a plus)
Experience identifying and mitigating anti-analysis techniques
Experience with API Hooking
Experience with Kernel-mode or VMI-based monitoring/instrumentation a plus
Knowledge of packers and obfuscation techniques
Python development experience for the purposes of automation and behavioral detection
Prior experience in detection engineering using signature languages such as YARA, Sigma, ClamAV, Snort, Suricata, or other comparable tools
Strong understanding of endpoint security monitoring and event analysis for Windows, Linux, and macOS (e.g., OSSEC, osquery, Sysmon, ETW, Windows Event Log, auditd, etc.)
Highly proficient in the MITRE ATT&CK framework and its application in the development of detection methods
Proven leadership experience delivering successful projects regardless of title held
The willingness and ability to guide and mentor other team members
Interview Process
The interview process is approximately as follows:
Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes.
Technical assessment (possible): A recruiter sends you a security research assessment to complete.
Face-to-face / Zoom interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to collaborate on a technical problem and talk more about past projects and your career goals. Approximately 1 to 1.5 hours per interview.
About Arctic Wolf
At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022).
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance.
We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
All wolves receive compelling compensation and benefits packages, including:
Equity for all employees
Bonus or commission pay based on role
Flexible time off, paid volunteer days and paid parental leave
401k/RRSP match
Medical, Dental, and Vision insurance
Health Savings and Flexible Spending Accounts
Voluntary Legal Insurance
Training and career development programs
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.
Come join the Pack during this exciting time of rapid growth where every employee makes a difference and their contributions are recognized and rewarded.
Tags: APIs Artificial Intelligence Automation C Cloud DFIR Endpoint security Forensics Golang Incident response Linux MacOS Malware MITRE ATT&CK Monitoring Python R&D Reverse engineering Rust Snort Threat detection Threat intelligence Threat Research Windows
Perks/benefits: 401(k) matching Career development Equity Flex hours Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Startup environment Team events