IR Specialist Manager (Malware Reverse Engineering)
The Malware Researcher Manager reports to the APAC GCIR IR Manager. Malware analysis lives within the incident responder function of the GCIR group. As a Malware Researcher, you will conduct static and dynamic analysis of malware to extract atomic indicators of compromise, profile malware behavior, and articulate recommendations for mitigating and detecting malware. The right candidate is a self-starter with excellent technical skills to perform duties such as, but not limited to, researching, and classifying malware, exploring malware distribution techniques such as exploit kits and phishing/spam campaigns, tracking and investigating botnets, researching broad and targeted attacks, developing scripts and tools on-the-fly to support research activities, conduct independent research into crimeware and advanced attacks, and create reports. Other Responsibilities include:
· Perform technical research into advanced malware, targeted attacks, crimeware campaigns, andother emerging technologies and techniques to identify and report on cyber-attacks andattackers.
· Perform proactive research to identify, categorize and produce reports on new and existingthreats.
· Correlate information with additional data sources to develop a comprehensive operationalpicture of malicious actors, and their tactics, techniques, and procedures.
· Conduct technical evaluations of new or emerging cyber threats, such as attack tools, exploits,malware, etc, and how they are used in conjunction with crime or nation state operations.
· Discover and investigate malicious activities to determine various tactics such as exploitationmethods, and effects on systems and information.
· Provide awareness to internal analysis and collections teams on changes to the cyber threatlandscape and criminal activities.
· Co-develop and help manage technical capabilities needed to enhance new sources ofintelligence collection in partnership with engineering, analysis, and collections teams.
· Contribute research to reporting on current and emerging threats and establish relationshipsbetween the research team and external entities such as law enforcement agencies and vendors.
· Provides technical services needed for cyber incident response investigations including,containment, eradication, and remediation activities.
· Assists with assessing scope of the incident damage.
· Assists in determination of incident severity.
· Assists with maintaining documentation throughout a cyber incident.
· Assist in the drafting of post-incident reports to senior leadership to convey impact, origin, rootcause, and remediation.
· Perform incident response services including, but not limiting to, collection, documentation,preservation and analysis of incident evidence for digital forensics investigations.
Location: Hyderabad, India
Shift timings: 11 AM to 8 PM
Total exp: 10-13yrs
The Team:
Global CIR provides cyber security incident management and coordination services for global cyber security incidents and its internal clients.
Qualifications
Required:
· Bachelor’s degree: a technology-related field, or equivalent education-related experience or equivalent experience
· Minimum of 9-12 years of experience in security operations or threat intelligence, incident response with at least 4 of those years of experience in malware analysis and Malware reverse engineering
· Understanding of cyber threats and how intelligence is used by security appliances and operators
· Understanding of static and dynamic malware analysis tools and techniques, to include:
o Debugging - X64 DBG and WinDBG
o Disassemblers - IDA Pro or Ghidra
· Working knowledge of Assembly, basic understanding of C and/or C++, Python, JSON, and Visual Basic
· Deep understanding of open-source penetration testing tools and experience writing Yara rules
· Familiarity with PowerShell and other command shell scripting languages
· Experience in reversing binaries (PE, ELF, DLL, Mach-O, Delphi)
· Good understanding of OS internals for both Windows and Unix
· Experience with creating custom malware sandboxes and deception environments
Preferred:
· Familiarity with EDR tools
· Familiarity with Splunk & ServiceNow
· Familiarity with Cloud technologies – AWS, Azure and Containers (dockers/Kubernetes)
· Familiarity with the Microsoft security stack such as the Defender line of products
· Historical knowledge of major cyber threat actors and their malware families
· Familiarity with Threat Intelligence Platform software such as ThreatConnect or Anomaly