Lead Security Researcher

Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience.

Our mission is simple: End Cyber Risk. We’re looking for a Lead Security Researcher to be a part of making this happen.

About the Team
Arctic Wolf Labs is the research-focused division at Arctic Wolf focused on advancing innovation in the field of security operations. The mission of Arctic Wolf Labs is to develop cutting-edge technology and tools that are designed to enhance the company’s core mission to end cyber risk, while also bringing comprehensive security intelligence to Arctic Wolf’s customer base and the security community-at-large. Leveraging the more than five trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for performing threatresearch on new and emerging adversaries, developing advanced threat detection models, and driving improvement in the speed, scale, and detection abilities of Arctic Wolf’s solution offerings. The Arctic Wolf Labs team comprises security researchers, threat intelligence researchers, data scientists, and security development engineers with deep domain knowledge in artificial intelligence (AI), security R&D, as well as advanced threat methods and technologies.
 

About the Role
A Lead Security Researcher, Malware Research is a subject matter expert in the areas of reverse engineering, static and dynamic malware analysis, signature development, config extraction, anti-analysis techniques and countermeasures. You will work closely with other security researchers to automate the detonation, detection, and classification of malware at scale and to extract high-fidelity intelligence as a result. If you love tearing malware apart to understand behavior, defeat evasions, and extract intelligence that informs defense, this is a great opportunity to join an awesome team.
 

Responsibilities Include:

• Stay abreast of the malware landscape in order to prioritize coverage

• Reverse engineer malware to thoroughly understand its behavior

• Reverse engineer malware to uncover anti-analysis techniques

• Leverage knowledge gained from reversing to:

• Develop high-quality static and behavioral signatures

• Extract malware configuration data and other IOC’s

• Propose and/or implement effective anti-analysis countermeasures

• Assist Threat Intelligence and Incident Response efforts

• Actively contribute to the development and maintenance of modern analysis pipelines, tooling, and methods: orchestrated static, dynamic, and symbolic analysis; userland, kernel-mode, and VMI-based instrumentation

• Document research findings in the form of malware profiles and/or blogs

• Present research findings in webinar-like settings

About You

• Prior experience in an advanced technical, and analytical security related role. For example, Digital Forensics and Incident Response (DFIR), Security Research, Detection Engineering, etc.

• Demonstrated experience with relevant static and dynamic malware analysis tools (e.g., IDA Pro, debuggers, sandboxing)

• Highly proficient in reverse engineering Windows malware: Experience reversing Linux, macOS, and/or Android malware is a plus

• Deep understanding of Windows internals and APIs

• Strong knowledge of x86/x64 assembly language

• Machine level understanding of C/C++ and higher-level language constructs (Golang, Rust, VBA, JS preferred)

• Working knowledge of the PE file format (ELF a plus)

• Experience identifying and mitigating anti-analysis techniques

• Experience with API Hooking

• Experience with Kernel-mode or VMI-based monitoring/instrumentation a plus

• Knowledge of packers and obfuscation techniques

• Python development experience for the purposes of automation and behavioral detection

• Prior experience in detection engineering leveraging Yara, Sigma, Clam, Snort, Suricata, or other comparable tools

• Ability to work collaboratively in a remote setting

About Arctic Wolf 

At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022). 

Our Values 

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good. 

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.  

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities. 

All wolves receive compelling compensation and benefits packages, including: 

• Equity for all employees 

• Bonus or commission pay based on role 

• Flexible time off, paid volunteer days and paid parental leave 

• 401k and RRSP match

• Medical, Dental, and Vision insurance 

• Health Savings and Flexible Spending Agreement 

• Voluntary Legal Insurance 

• Training and career development programs 

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com. 

Security Requirements

• Conducts duties and responsibilities in accordance with AW’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AW business information assets.

• Must pass a criminal background check and an employment verification as a condition of employment.

• This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”).  Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.