Senior Advanced Threat Research Consultant – SecureWorks
SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat.
In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and is headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts and readers’ polls, and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.
The successful candidate must be a strong leader in the security field with proven technical skills and experience researching, hunting, and responding to advanced threat actors. As a member of a highly trained advanced threat security research team, the person will provide senior technical leadership for client-focused projects, generate high-confidence threat intelligence, and contribute to the development of advanced technologies and processes to detect targeted threat actors and enhance protections for our Managed Security Services clients. They will also work on a joint team composed of security researchers and senior incident response consultants to provide subject matter expertise in support of Cyber-Security Incident Management (such as incident handling, breach management, forensics, electronic discovery, etc.).
Up to 40% travel may be required for this role.
-Participate in advanced incident response and targeted threat hunting engagements
-Document findings, develop incident response remediation recommendations, and present them to clients both orally and in written reports
-Collaborate with teammates to develop focused threat intelligence that improves our incident response capabilities, our proprietary technology, and protects our clients
-Contribute to the development and delivery of competitive services, methodologies, and deliverables in the security marketplace
-Provide timely support for advanced malware analysis and reverse engineering escalations
-Serve as a top subject matter expert in key elements of the practice (e.g., Forensics, Malware Analysis, Security Technologies, etc.)
-Work as an internal subject matter expert for other departments, including marketing, product management, the Counter Threat Unit research team, and Security and Risk Consulting Incident Management Practice.
As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.
-Strong proficiency in understanding computer architecture, operating systems concepts, and file systems
-Thorough knowledge of information security components, principles, practices, and procedures
-Thorough understanding of computer network exploitation (CNE) and computer network defense (CND) concepts
-Ability and passion to work in a fast-paced environment with multiple competing projects and client requirements
-Experience researching targeted threat groups and their tactics, techniques and procedures (TTP)
-Strong proficiency and/or expertise with:
- programming languages to include Python and Bash
- static and dynamic malware analysis
- reverse engineering IA32/64 architecture binaries designed for popular operating systems (Windows, OS X, and Linux)
-Strong proficiency and/or expertise in:
- performing forensic analysis of collected memory
- forensic analysis of disk images that may involve various file systems (NTFS, FAT, EXT3/4, HFS+) and operating systems
- log analysis
- performing network traffic analysis
-BA/BS in Engineering/Computer Science, or acceptable combination of education and experience
-Programming with C, C++, IA32/64 Assembly
-Reverse engineering mobile ARM architecture binaries
-Experience developing tools for malicious code analysis, network traffic analysis, and the detection of malicious code on endpoint systems
-Performing vulnerability and exploit research and analysis
This is a remote position.
SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages.
Info Security Research-SW Engr
North America-US-Remote/Field/Satellite Office