· 6 years ago · Nov 27, 2019, 12:04 PM
1
2Responsibilities to include:
3
4Use detailed technical knowledge of tools, tactics, and procedures (TTPs) of Russian threat actor groups such as APT28, 29, Turla, and others to identify opportunities for new research, collection, and the development of in-house analytics to benefit future research.
5Develop tools and methods to identify Russian APT malware (i.e., Zebrocy, Neuron, Turla, CrashOverride) using retro hunting and advanced detection techniques in common malware multi-scanner repositories as well as within Recorded Future's exclusive collection.
6Support other threat intelligence analysts to analyze malware associated with advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting.
7Stay on top of developments within the malware landscape and track key developments by following publications, blogs, and mailing lists.
8Perform network analysis of malicious infrastructure related to Russian APT campaigns.
9Analyze malware used by Russian state-backed actors to identify leads for further analysis.
10Develop network and host-based detection rules such as SNORT and Yara to detect APT campaigns in line with Insikt research goals.
11Publish research on novel threats and research results.
12Investigate potential links and overlaps between Russian APT campaigns and Russian language criminal threat actors and tools.
13Required Skills/Experience:
14
15BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, or a related field.
16Demonstrable experience tracking Russian state threats over multiple years
17Knowledge of TCP/IP
18Demonstrable experience of conducting cyber threat investigations
19Scripting experience in Python, Go, Powershell, or Bash
20Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain
21Ability to convey complex technical and non-technical concepts in verbal products & excellent writing skills are mandatory
22Highly Desireable Skills/Experience:
23
242 years+ experience in static and dynamic malware analysis
252 years+ experience reverse engineering tools (Ida Pro, OllyDbg)
26Knowledge of Windows operating system internals and the Windows API
27Experience in analyzing both desktop and mobile malware
28Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques
29Basic knowledge of Russian and other CIS intelligence agencies, structures, and past targeting