MALWARE REVERSE ENGINEER
PhishLabs, a growing technology firm headquartered in Charleston, SC, is seeking an experienced Malware Reverse Engineer to join our exceptional team dedicated to the fight against cybercrime. If you are a highly motivated reverse engineer with a proven ability to analyze suspicious binary files and identify threats, we want you on our team.
Why PhishLabs? Simply stated – we’re a dynamic group doing innovative work in a hot industry! With our team of world-class security experts, a strong base of top-tier clients and the increasing sophistication and proliferation of cybercrime, PhishLabs is well positioned to continue our track record of strong company growth. At PhishLabs, we consistently strive to exceed client expectations in everything we do. We accomplish this by focusing on team accountability, agility, collaboration, and innovation while holding ourselves to the highest of security standards in a fun environment. This has been a catalyst for PhishLabs being recognized as South Carolina's fastest-growing tech company in the Roaring Twenties list of small businesses in 2015. We are also very proud of our #1135 ranking on the Inc 5000 list of fastest-growing private companies in the U.S. in 2015.
One of the cornerstones of our business is helping our customers by providing intelligence services that fight back against online threats and reduce the risks associated with cyber-attacks. The Research, Analysis, and Intelligence Division at PhishLabs is looking for an experienced reverse engineer with experience in analyzing executable binaries from numerous operating systems and platforms. The right individual should have a passion for understanding why things work, to dig deeper to understand the inner workings of hardware and software, and to solve hard problems.
How you will impact PhishLabs and our clients:
- Reverse engineer malware samples in order to characterize their attributes for identification, correlate indicator information to identify larger attack architectures and topologies, and create proof of concept software to assist in real-time analysis and tracking of targeted malware families.
- Conduct vulnerability analysis of complex and diverse software systems and network architectures.
- Identify anti-analysis techniques, including encryption, obfuscation, virtual machine detection, and conditional coding for the purpose of identifying tactics, techniques, and procedures used by malware authors.
- Provide subject matter expertise on cyber threats, attacks, and incidents of interest to PhishLabs and our customers as well as knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels.
- Monitor underground marketplace activity for any new threats being distributed or discussed by cyber actors.
What you need to SUCCEED:
- Advanced understanding of Windows and Linux based operating systems as well as the iOS and Android Platforms.
- Demonstrable experience working with open-source and commercial analysis tools for the purposes of malware reverse engineering including, but not limited to, decompilers, disassemblers, debuggers, systems internals utilities, and network traffic analysis tools.
- Experience with enterprise level sandbox tools and familiarity with edge and endpoint protection systems.
- Proven ability to analyze and reverse engineer packed or obfuscated code, develop code to monitor botnets, and reverse engineer custom protocols.
- Advanced understanding of operating system internals and Windows API.
- Experience with both SQL and NoSQL data storage solutions as well as the Elasticsearch search and analytics engine, including data implementation and design.
- Experience with security data characterization standards such as STIX, MAEC, TAXII, CybOX.
- Experience with networking, network protocols, and security infrastructures.
- Excellent communication, writing, and organizational skills.
- A Bachelor’s or Master’s degree in Computer Science, Information Systems, or other computer related field.
- Experience with financially incentivized malware such as banking trojans is preferred.
- Experience with creation and maintenance of rules to detect malicious activity or code (YARA, Snort, Suricata, etc.).