S/W Engineering | Veszprem, Hungary | Full Time
We are looking for a hands-on malware analyst to join our growing R&D team in VESZPRÉM.
You are passionate about developing customized technical solution sets to monitor and analyze several different malware families and create products to mitigate threats including Advanced Persistent Threats (APT) and zero-day attacks.
You possess subject matter expertise in Incident Response (IR), threat detection, host and network forensics, computer intrusion.
You have a thorough working understanding of the security industry and are driven to stay abreast of the latest threats and threat actors as they are discovered.
You are self-motivated and have a proven ability to work well in a fast-paced team environment.
What You Will Be Doing
- Conduct deep-dive technical analysis of malicious artifacts/events to identify, assess, and document cyber-attack tools, tactics, and procedures including malware defense mechanisms such as anti-reverse, anti-debug, and anti-virtual machine (anti-evasion techniques)
- Lead efforts to develop and extract IOCs from malicious binaries, portable executables (PE), scripts, documents, and packet captures; use the resulting data to inform efforts to create detection logic
- Create signatures (file, host, network) to detect, hunt, and prevent compromise from known and unknown malware families
- Create tooling/intelligence products to understand malware and incorporate the learnings into our customer-facing products
- Identify credible new tools and subject matter resources relative to current and emerging malware analysis techniques
- Implement both tactical and strategic solutions to improve the detection capabilities of our malware analysis products
- Analyze modern malware based on public records or own research (big plus). Dynamic analysis technique is preferred.
- Keep yourself up-to-date with the latest malware threats, focusing on common behaviors of malware in the same type, same family.
- Document detailed malware threats and identify procedures to avoid them, classify malware based on malware behaviors, malware commonalities, malware families.
- Replicate the common-suspicious behavior of malware based on the analysis results and how to capture these behaviors.
- Participate in research and development of malware protection tools
What We Need From You
- Strong understanding of the cyber threat ecosystem including targets, actors, and the TTPs they use to distribute malware
- utilizing multiple reverse engineering tools and techniques to perform malware and intrusion analysis, host and network forensics, and threat intelligence collection
- Ability to apply a thorough knowledge of attacker capabilities, intentions, motives, and historical operations/targets to inform cybersecurity strategies quickly, clearly and effectively
- Ability to use static and dynamic methods to analyze a file using a (user and kernel mode) debugger disassembler and other tools in a Virtual Machine (VM)
- Knowledge of security and compliance frameworks including MITRE ATT&CK
- Deep understanding of dynamic (preferred) / static analysis of malware techniques.
- Deep knowledge in operating system APIs and internals: Windows and Linux
- Experience in some common malware techniques: Injection, Packing, Obfuscating...
- Good understanding of network protocols. Proficient experience in Network analysis tools (Wireshark...)
It Would Be Nice If You Had
- Familiarity with ICS/IIoT threats and security
- Experience analyzing malware in a sandbox environment
- Experience working with other tools: Process Hacker, Windows Sys Internals (Process explorer, Process monitor, PE Explorer and Yara Generation)
- Familiarity with Agile / Scrum working environment
- Familiarity with Git, Bitbucket, Jira, Confluence, TeamCity
What we offer
- Stable, growing international company background with an exceptional customer group
- Opportunity to improve your professional skills
- The newest technology environment
- Attractive working environment – a nice office full of accessories for active recreation, sport and language classes, team events, fruits, coffee, tea, etc
- Occasional remote work possibility