Lead Security Researcher – Malware Research

Ready to further your career in the fast-paced, exciting world of cyber security?

About the Team 

Arctic Wolf Labs is the research-focused division at Arctic Wolf focused on advancing innovation in the field of security operations. The mission of Arctic Wolf Labs is to develop cutting-edge technology and tools that are designed to enhance the company’s core mission to end cyber risk, while also bringing comprehensive security intelligence to Arctic Wolf’s customer base and the security community-at-large. Leveraging the more than two trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for performing threat research on new and emerging adversaries, developing advanced threat detection models, and driving improvement in the speed, scale, and detection abilities of Arctic Wolf’s solution offerings. The Arctic Wolf Labs team comprises security researchers, threat intelligence researchers, data scientists, and security development engineers with deep domain knowledge in artificial intelligence (AI), security R&D, as well as advanced threat methods and technologies. 

About the Role 

A Lead Security Researcher, Malware Research is a subject matter expert in the areas of OS internals; static and dynamic malware analysis; signature development; reverse engineering; anti-analysis techniques and countermeasures. You will work closely with other security researchers to automate the detonation, detection, and classification of malware at scale and to extract high-fidelity intelligence as a result. If you love analyzing malware, understanding its behavior, and defeating evasions to extract intelligence that informs defense, then this is a great opportunity to join a rising security research team. 

Responsibilities Include: 

• Maintain a thorough and in-depth understanding of the malware landscape 

• Reverse engineer malware to thoroughly understand its behavior 

• Reverse engineer malware to uncover anti-analysis techniques 

• Leverage knowledge gained from reversing to: 

• Develop high-quality static and behavioral signatures 

• Extract malware configuration data and other IOC’s 

• Propose and/or implement effective anti-analysis countermeasures 

• Contribute to the development and maintenance of modern analysis pipelines, tooling, and methods: orchestrated static, dynamic, and symbolic analysis; userland, kernel-mode, and VMI-based instrumentation 

• Provide research and subject matter expertise in support of ML model development, advanced IR activities, and priority intelligence requests 

• Document research findings in the form of malware profiles and/or blogs 

• Support the technical growth and development of the team and its members 

• Attend training, seminars or webinars that enhance your current knowledge base and skill set to improve job performance and efficiency.  

About You 

• Prior experience in an advanced technical, and analytical security role - e.g., Digital Forensics and Incident Response (DFIR) Analyst, Consultant, Security Researcher, Detection Engineer or equivalent 

• Demonstrated experience with relevant static and dynamic malware analysis tools (e.g., IDA Pro, debuggers, sandboxing) 

• Highly proficient in reverse engineering Windows malware: Experience reversing Linux and/or macOS malware is a plus 

• Deep understanding of Windows internals and APIs 

• Strong knowledge of x86/x64 assembly language 

• Machine level understanding of C/C++ and higher-level language constructs (Golang, Rust, VBA, JS preferred) 

• Working knowledge of the PE file format (ELF a plus) 

• Experience identifying and mitigating anti-analysis techniques 

• Experience with API Hooking 

• Experience with Kernel-mode or VMI-based monitoring/instrumentation a plus 

• Knowledge of packers and obfuscation techniques 

• Python development experience for the purposes of automation and behavioral detection 

• Prior experience in detection engineering using languages such as Yara, Sigma, Clam, Snort, Suricata, or other comparable tools 

• Strong understanding of endpoint Security Monitoring, and Event Analysis for Windows, Linux, and macOS (e.g., OSSEC, OSQuery, Sysmon, ETW, Windows Event Log, auditd, etc.) 

• Highly proficient in the MITRE ATT&CK framework and its application in the development of detection methods 

• Proven leadership experience delivering successful projects regardless of title held 

• The willingness and ability to guide and mentor other team members 

Interview Process 

The interview process is approximately as follows: 

• Phone pre-screening: A recruiter contacts you to briefly discuss your work history and provide an overview of Arctic Wolf. Approximately 30 minutes. 

• Technical assessment (possible): A recruiter sends you a security research assessment to complete.

• Face-to-face / Zoom interviews: Several team members conduct interviews to learn more about you and provide more information about your potential role and team. Be prepared to collaborate on a technical problem and talk more about past projects and your career goals. Approximately 1 / 1.30 hour per interview. 

About Arctic Wolf 

At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022). 

Our Values 

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good. 

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.  

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities. 

All wolves receive compelling compensation and benefits packages, including: 

• Equity for all employees 

• Bonus or commission pay based on role 

• Flexible time off, paid volunteer days and paid parental leave 

• 401k/RRSP match

• Medical, Dental, and Vision insurance 

• Health Savings and Flexible Spending Agreement 

• Voluntary Legal Insurance 

• Training and career development programs 

 
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com. 

Come join the Pack during this exciting time of rapid growth where every employee makes a difference and their contributions are recognized and rewarded.