Senior Threat Research Consultant

SUMMARY

The Senior Threat Research Consultant works in the Threat Fusion Center to focus on cybercrime activity. The position requires a self-starting and motivated person who contributes to Arete’s cyber threat intelligence program. This position performs malware reverse engineering, analyzing threats, and tracking known adversaries and emerging threats. The Senior Threat Research Consultant contributes to the research and publication of threat insights, internal work products, as well as tailored intelligence products for Arete’s clients. The work occasionally requires afterhours intelligence support during major engagements. Successful Senior Threat Research Consultants are passionate about malware reverse engineering and cyber threat intelligence.

ROLES & RESPONSIBILITIES  

• Performs malware reverse engineering (both static and dynamic malware analysis)
• Develops rules, tools, and methods of detection to be use for threat hunting and incident response activities
• Threat hunting in endpoint detection and response (EDR) telemetry data
• Identifies cyber threats, trends, and new threat actor groups by analyzing Arete’s case reports, raw and open source intelligence
• Identifies and reports on the current and changing Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors
• Creates finished intelligence analysis for internal and external clients  through written reporting, blog posts, and industry insights to help reinforce Arete as a thought leader in cyber threat intelligence
• Informs various business units within Arete about new threat actor TTPs
• Creates internal presentations from analysis results
• Uncovers adversary activity not detected by current detection rules
• Identifies intelligence and technology gaps and submits requests for information to fill those gaps
• Responds to requests for information from clients and key stakeholders
• Conducts briefings for clients (via either phone, video conference, webcast, in-person briefing, or industry conference)
• Provides tactical intel and analysis support for DFIR, SOC, and MDR business units
• Creates detailed process documentation
• May perform other duties as assigned by management

SKILLS AND KNOWLEDGE  

• Ability to work effectively in a fast-paced, high volume, and results driven environment while managing multiple priorities; working knowledge in creating, modifying, and enhancing ransomware decryptors
• Ability to produce high-quality finished intelligence products within short deadlines
• In-depth knowledge of how malware is developed, functions, and is used in cybercrime operations
• Understanding of the tools and techniques used in cybercrime operations
• Familiar with any cyber threat intelligence framework (e.g. MITRE ATT&CK, Diamond Model, etc.)
• Knowledge of:
  • Different Crimeware, Ransomware, Bots, Commodity, and Nation-State malware families
  • Vulnerability exploitation and detection
  • Various open-source malware analysis tools
  • Sandbox systems
  • Regular Expressions
  • Network traffic analysis
  • Memory analysis
  • Log analysis
  • Working in a fast-paced environment with Digital Forensics and Incident Responders
• Ability to reverse engineer samples of various types such as
  • C/C++
  • .NET
  • Visual Basic scripts, Java scripts, powershell scripts
  • Malicious documents
  • Webshells
  • Shellcode
  • Packed and obfuscated code

JOB REQUIREMENTS

• Bachelor's degree in a Computer Science, Computer Engineering, cyber intelligence, information assurance, or related technical field; graduate degree preferred
• 5+ years focused on any combination of the following: malware reverse engineering, anti-analysis techniques, encryption/decryption algorithms, disassemblers/debuggers, and patching/exploiting code
• Relevant industry certification
• Experience with:
  • Using disassemblers and debuggers
  • Working with anti-analysis techniques and patching code to bypass checks
  • Working with encoding and encryption algorithms
  • Writing decoding and decryption algorithms
  • Writing Yara rules
  • Using MISP

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. 

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

• No physical exertion required
• Travel within or outside of the state
• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA OVERTIME CATEGORY

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

• We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. 

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

 

 

When you join Arete…

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.