Key skills
FirewallsLinuxOpen SourceTCP/IPUnix
About this role
Role Overview
- Assesses, prioritizes and takes action on requests that improve existing Security Operation Center (SOC) tools and procedures
- Partners with management to coordinate security incident response efforts to communicate information, drive resource actions and decisions, provide recommendations, and ensure resolution
- Evaluates and analyzes complex malicious code through the use of tools including disassemblers, debuggers, hex editors, un-packers, virtual machines and network sniffers
- Conducts reverse-engineering for known and suspected malware files
- Investigates instances of malicious code to determine attack vector and payload, and to determine the extent of damage and data exfiltration
- Performs research in the area of malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions
- Produces reports detailing attributes and functionality of malware, and indicators that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques
- Analyses the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors
Requirements
- 2-3 years' experience as Security Operations Center (SOC) Analyst including Incident Response and Handling roles
- Experience in Malware Reverse Engineering and Sandboxing
- Experience with IBM QRadar
- Significant experience with Linux, TCP/IP, UNIX, MS-Windows, IP Routing, Firewalls and IPS
- Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
- Deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats
- Demonstrated experience using Open Source (OllyDbg, Radare, GDB, etc.) malware analysis tools
- Ability to analyze shellcode, and packed and obfuscated code, and their associated algorithms
- Ability to develop network and host based signatures to identify specific malware. Recommend heuristic or anomaly based detection methods
- Subject matter expertise in the detection, analysis and mitigation of malware
- Experience with Information Security Research, Malware Reverse Engineering, Cyber Threat Analysis, Windows Operating System and Data Analysis
- Knowledge of Research skills, Technical Writing, Information Security Research, Security Incident Response, Security Risk Assessment/Analysis
- Bachelor's Degree or International equivalent
- Preferred
Tech Stack
- Firewalls
- Linux
- Open Source
- TCP/IP
- Unix
Benefits
- UPS is committed to providing a workplace free of discrimination, harassment, and retaliation
- Employer will sponsor visas for specific positions
- UPS is an equal opportunity employer