Leidos Cybersecurity Intelligence & Response Center has an immediate opening for an experienced, and motivated Malware Reverse Engineer to work from our Gaithersburg – MD location.
As a Malware Reverse Engineer, you will be focused on defending Leidos’ global networks through threat hunting, and tactical analysis of ongoing attacks by criminal and nation state actors. In this role, you will perform malware analysis and reverse engineering in support of incident response, investigative analysis, and research on existing and emerging cyber threats, particularly those directed against Leidos’ global networks. You will be expected to "think like an adversary" and engage in threat hunting operations leveraging your understanding of the tactics, techniques and procedures employed by advanced threats combined with intelligence from multiple sources.
Additionally, you will provide reporting and briefings to other teams and leadership in order to maintain appropriate levels of situational awareness, and contribute to technical innovation to further evolve Leidos’ defensive capabilities and methodologies.
– Use expertise in malware reverse engineering and analysis to evaluate and analyze complex malicious code through the use of tools, including disassemblers, debuggers, hex editors, un-packers, virtual machines, and network sniffers.
– Conduct reverse-engineering for known and suspected malware files. Investigate instances of malicious code to determine attack vector and payload, and to determine the extent of damage and data exfiltration.
– Perform research in the area of malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions.
– Produce reports detailing attributes and functionality of malware, and indicators that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques. Analyze the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors.
– Develop network and host based signatures to identify specific malware. Recommend heuristic or anomaly based detection methods.
– Provide subject matter expertise in the detection, analysis and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.
– Support the maintenance of malware analysis platforms and tool sets, identify requirements for new malware analysis capabilities, and contribute to the development of new malware analysis tools and techniques.
– Bachelor’s degree and minimum 8 years of relevant experience, including performing software and malware reverse engineering, and forensics investigations. Additional years of relevant experience will be considered in lieu of a degree.
– Demonstrated experience using Commercial (IDA Pro, Hex-Rays, WinDbg, etc.) and Open Source (OllyDbg, Radare, GDB, etc.) malware analysis tools.
– Demonstrated experience reverse engineering and analyzing binaries of various types including: x86, x64, ARM (32 and 64 bit), C, C++, .NET, and Delphi
– Ability to analyze shellcode, and packed and obfuscated code, and their associated algorithms.
– Understanding of common attacker methodologies and exploit techniques.
– Capable of Python scripting to automate analysis and reverse engineering tasks
– Strong understanding of network protocols and networking concepts
– Strong understanding of Windows Operating System Internals and Windows APIs
– Strong understanding of the PE file format and experience parsing structured or unstructured data
– Strong initiative, problem solving, and critical thinking skills.
– Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
– Certifications: Certified Reverse Engineering Analyst (CREA), GIAC Reverse Engineering Malware (GREM).
– Familiarity with Linux OS and mobile iOS/Android forensics.
– Experience with Windows system programming, driver development and/or IDAPython.
– Demonstrated experience writing code (C, C++, Python, Perl, Java, etc.).
– Experience in cryptography or cryptanalysis
– Experience developing advanced technological ideas and guiding their development into a final product.
– Capable and comfortable communicating actionable threat intelligence to both technical and executive-level stakeholders.
– Experience in a security intelligence center or similar environment tracking threat actors and responding to incidents.
– Previous experience as a vulnerability or threat researcher and/or intelligence analyst.
– Published research papers at conferences or through other mediums (blogs, articles).
– Working knowledge of Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) tools and techniques.
– A deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
– Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics driven reports.
– Understanding of software engineering methodologies.
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin’s Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an Equal Opportunity Employer.