Malware Reverse Engineer

Procession Systems
Annapolis Junction, MD, US
Full-time

Job Description

OVERVIEW :

We are seeking a talented Malware Reverse Engineer who is passionate about supporting National Security missions. The ideal candidate appreciates partnering with our customer and a group of cybersecurity experts to build environments and analyze the threat actor intent of malware in support of military intelligence missions.

This position is full time on-site in Annapolis Junction, Maryland.

GENERAL DUTIES :

Perform surface, dynamic, static, manual, and automated analysis on malicious software to determine its nature, capabilities, and potential impact.

Analyze and reverse-engineer compiled executable code to understand its interactions with the environment and gain intelligence on its function and behavior.

Evaluate malware attack capabilities, including transmission characteristics, attributes, and the intended purpose of the software, to understand its threat potential.

Work closely with intelligence professionals to interpret the threat's intentions and capabilities and prepare detailed reports and studies on these findings.

Additionally, provide technical expertise on the necessary hardware and software environments for effective malware triage and analysis.

REQUIRED QUALIFICATIONS :

Clearance : SCI within last 2 years.

Four or more years of experience in a Reverse Engineering role.

Four years of experience with programming languages such as C / C++ and Python.

Four years of experience with machine architecture, operating system internals, file system and memory management, and assembly language (x64, ARM, MIPS).

Proficient with static and dynamic reverse engineering techniques such as disassembly / decompilation, imports, strings, process monitoring, file system monitoring, network traffic capture, debugging, sandboxing, unpacking and deobfuscation.

Skilled at analyzing compiled and interpreted programming languages.

Experience with tools like IDA Pro, Ghidra, Hopper, Binary Ninja, Frida, PE Explorer, objdump, etc.

Familiar with dynamic tools used for monitoring malware behavior. Experience with tools like kernel and process debuggers, process explorer, Wireshark.

Familiarity with automated analysis systems (e.g. Cuckoo Sandbox) and open-source intelligence resources (e.g. VirusTotal) for initial triage and quick identification of well-known malware.

Ability to write detailed technical reports on analysis findings and to present reports to stakeholders.

Familiarity with MITRE ATT&CK framework, TTPs, IOCs, and CVEs to provide standard nomenclature.

Familiarity with threat sharing platforms (MISP) and threat intelligence interchange standards (STIX, TAXII).

DESIRED QUALIFICATIONS :

Clearance : Polygraph within last 5 years

Education : Bachelor's degree or higher in Computer Science, Information Systems, or a related field.

Certification : Certified Ethical Hacker (CEH)

Malware sandbox analysis and forensics.

Ability to construct analysis sandboxes and to simulate necessary infrastructure to enable malware samples to execute (such as simulating Internet connectivity and DNS resolution).

Ability to perform forensic analysis of sandbox environment to detect changes made by the malware sample during dynamic analysis.

This includes detecting new, deleted, or modified files, changes to system settings, configurations, or registry entries, creation of new user accounts, open network ports, etc.

Ability to use hex editors to modify malware samples in order to bypass anti-reversing logic. This includes logic that detects attached debuggers, virtual environments, excessive delays in process execution, etc.

Ability to capture network and signals transmissions and to analyze the content of those transmissions, including wired and wireless transmissions (Ethernet, Wi-Fi, Bluetooth, NFC, RF, etc.).

Hardware reverse engineering.

Ability to identify components and pathways attached to printed circuit boards (data and power).

Ability to identify and map pin-out configurations of chips.

Ability to connect to and monitor signals in and out of chips and convert those into binary data; ability to dump firmware images from hardware devices.

Ability to identify hardware analysis requirements and tooling needs for hardware reversing.

Ability to identify hardware anti-tamper mechanisms to prevent bricking or destruction of the device.

CLEARANCE : TS / SCI minimum

15 days ago