Mandiant is seeking a Forensic / Malware Analyst to lead the development and operation of a forensics and malware analysis functional capability and support ongoing investigative and incident response activities. The successful candidate will have a proven record of identifying and tracking cyber threats, and a technical understanding of the tools, techniques, and procedures used by threat actors. The candidate will dissect exploits, attacker tools and implants in support of incident responders, and will also help develop innovative tools to assist responders and automate malware analysis and reverse engineering efforts. The candidate will also conduct network hunt and incident response activities as required.

The Forensic / Malware Analyst is expected to work with minimal guidance against a broad set of objects to handle a variety of complex assignments and situations. Within established priorities and deadlines, the successful candidate will exercise independent judgment in selecting and applying appropriate methods, procedures, techniques, and practices.

Responsibilities:

• Develop an innovative and effective forensics and malware analysis capability to support incident response and threat based hunting activities
• Develop tools, signatures, and methods of detection for use in incident response activities
• Perform static and dynamic analysis of malware samples utilizing reverse engineering tools
• Research and develop methods of tracking and detecting malicious activity within a network
• Support network hunt and incident response activities as required
• Compile collected intelligence with malware research to be presented to senior leaders and build upon a larger knowledgebase of tracked threat activity
• Present tactical and strategic intelligence about threat actors, methodologies, and motivations based on malware research and incident response activities
• Prepare and deliver briefings and reports to customer leadership, operational teams, or fellow analysts

Requirements:

• Five (5) or more years of related experience required
• Two (2) or more years in an investigative or incident response environment
• Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
• Ability to work with little direct oversight
• Knowledge of malware analysis and reverse engineering
• Proficiency with network traffic analysis
• Deep working knowledge of networking concepts and protocols: TCP/IP, HTTP, HTTPS, DNS, RPC, etc.
• Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers; and forensics and incident response
• Experience identifying, analyzing, and interpreting trends or patterns in data sets
• Working knowledge of network hunt methodology and the incident response process
• Working knowledge of file formats such as PE, PDF, SWF, etc.
• Deep understanding of operating systems and relevant API
• Deep understanding of file system formatting such as NTFS, FAT, exFAT
• Knowledge of packers and obfuscation techniques as well as experience defeating anti-analysis techniques
• Capable of identifying host and network indicators for use with network hunt and incident response activities.
• Familiarity with Snort, YARA, and OpenIOC signature formats
• Demonstrable experience with reverse engineering tools such as IDA Pro, Ollydbg, Windbg

Additional Qualifications:

• Malware / security experience, and experience with FireEye products highly desired
• Experience with sandboxing operations and technologies, to include automating analysis operations
• Experience with identifying forensic artifacts left by attacker/red team activity
• Experience leading and managing an incident response engagement from start to finish
• Familiarity with the use of forensics images and memory dumps in support of incident response
• Experience developing tools to deconstruct C2 protocols, and decode obfuscated data and network communications
• Understanding of basic cryptographic concepts and algorithms
• Ability to recognize and handle sensitive data appropriately
• Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner
• Ability to set and manage expectations with senior stakeholders and team members
• Demonstrated ability to manage customer relationships
• Experience working in a Department of Defense environment with exposure to applicable DoD regulations
• Certified Information Systems Security Professional (CISSP) certification desired
• SANS/GIAC Certified Incident Handler (GCIH) desired
• SANS/GIAC Reverse Engineering Malware (GREM) desired
• SANS/GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) desired
• Offensive Security Certified Professional (OSCP) desired

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

*LI-KB1

Video: