Cybersecurity Threat Researcher 2 - Remote

Description: The job duties include strong research and analysis skills, including understanding of malware analysis, reverse-engineering, defense evasion techniques, and engineering of detection capabilities. Threat Researchers produce products such as network detection rules (Snort or Suricata), file pattern matching rules (Yara), and SIEM or EDR threat detection rules (e.g. Splunk, Carbon Black, Azure Sentinel, etc). Threat Researchers hunt for advanced attackers who evade detection by existing security controls, add new detection rules and tune those rules to provide useful results. The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics. Threat Researchers will work closely with the Security Operations Center (SOC) analysts as required to provide assistance with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks. Key Responsibilities

• Ability to take ownership, set priorities, multi-task and meet tight deadlines
• 3+ years of experience in information security
• Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.
• Practical cryptography experience: applying existing modules and cryptographic libraries to encrypt and decrypt data About Binary Defense Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include best-in-class Managed Detection & Response powered by a Managed Open XDR platform. The company has a 24/7 Security Operations Center that monitors their own proprietary managed EDR software as well as supporting leadings network, cloud and identity solutions. Advanced threat hunting, defense validation and counterintelligence services provide additional layers of security. Our expert security staff and technology help shield businesses from cyberattacks. Binary Defense is a fast-paced business that enjoys a relaxed culture (from anywhere in the continental United States) and flexible remote work options. For the fourth year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US on the Inc. 5000 list! At the 2022 Greater Cleveland Partnership's Best of Tech Awards, Binary Defense was recognized as the Best Technology Solution for the third year in a row. We've also been named North American Partner of the Year by AT&T Cybersecurity, providing best-in-class SIEM technology and service. Binary Defense recently completed a $36 million growth equity round of funding from Invictus Growth Partners to accelerate our growth and technology and service delivery offerings. Binary Defense offers competitive medical, dental and vision coverage for employees and dependents, a 401k match which vests every payroll, a flexible and remote friendly work environment, as well as training opportunities to expand your skill set (to name a few!). If you're interested in joining a growing team with great perks, we encourage you to apply! PI224541598
• Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks
• Act as a mentors to other analyst on the team
• Experience using EDR and SIEM tools to hunt for threat actor activity
• Understanding of cybersecurity topics and ability to explain them to others clearly
• Based on malware analysis results, develop network threat signatures to detect malware communication (e.g. Snort, Suricata).
• Experience using new threat intelligence to drive intelligence driven threat hunts.
• Performs any other essential function that may occur as directed Preferred Skills
• Ability to discuss the current threat landscape to customers and make recommendation to improve security posture.
• Superior research and technical analysis skills
• Network traffic analysis experience
• Well-developed problem-solving and interpersonal skills
• Excellent writing and verbal communication skills
• Based on malware analysis results, develop Yara rules to match patterns in malware instructions, patterns to match functions, strings and other sequences.
• Perform research and investigations with little to no oversight to locate information that is relevant to clients' requests.
• Excellent organizational skills with acute attention to detail
• Experience analyzing obfuscated scripts (e.g. PowerShell, VBA, JavaScript, .Net, etc.)
• Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal.
• Other projects and responsibilities, as assigned by the direct manager Requirements:
• Programming and scripting experience to develop internal tools
• Reverse engineer malware using disassemblers and debugging tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida, etc.).
• Experience researching emerging threats and attack vectors being exploited in the wild
• Digital forensics and incident response experience
• Ensure that all written communication is professional, high quality, free of errors and clearly deliver relevant information that is of value to clients.
• Develop new software tools as required by job duties, including software that implements non-standard network communication protocols and encrypts or decrypts data using algorithms discovered from malware analysis results.
• Experience defeating packers/crypters to unpack malware samples for analysis
• Associate's degree or equivalent experience in Computer Science, Information Security, Incident Response, Forensics, or a related field
• Proven track record of independently managing multiple research projects – Accountability, personal initiative, and integrity
• Serve as the primary point of contact for clients to discuss technical threat hunting issues, and mentoring new Threat Hunting team members to grow in their skills and abilities.
• Bachelor's or Master's degree in Computer Science with an emphasis on Security
• Experience reverse-engineering malware (can be professional or student experience)