Topic created on: December 6, 2009 18:09 CST by aeppert .
Malware Analysts Position (Washington D.C. Area)
Analyzing malicious software (Malware) in support of incident analysis and response
Performing dynamic and static analysis and reverse engineering
Providing Malware analysis findings in technical analysis reports
May require travel.
Candidate shall demonstrate advanced knowledge and capability through performing reverse engineering of malicious code to discover vulnerabilities in binaries.
Experience conducting security assessments, penetration testing, and ethical hacking are desirable.
Candidate shall be able to recognize the high level language constructs (such as branching statements, looping functions and network socket code) critical to performing a thorough and professional reverse engineering analysis of a binary.
Advanced capability to analyze malware, including: worms, viruses, trojans, rootkits and bots. Candidate shall demonstrate advanced knowledge to discover vulnerabilities in binaries, including: format string vulnerabilities, buffer overflow conditions, and the identification of flawed cryptographic schemes and binary obfuscation schemes.
Candidate shall demonstrate advanced knowledge of: industry standard compilers; reverse engineering programs; hex editors; binary analysis programs; code coverage analyzers; understanding conditional branching statements; virtual machines and byte code; system vs. code level reversing; branch prediction; memory management ; Win32 executable formats and image sections; advanced runtime analysis of malware; kernel mode debugging; dumping executables from memory; understanding hashing functions ; working with encrypted binaries ; reversing UPX and other compression types; discovering stack overflows; discovering heap overflows; creating a sandbox to isolate malware; unpacking malware; monitoring registry changes; identifying malware communication channels; understanding Digital Rights Management (DRM) implementations.
Experienced in computer security incident activities.
Must be able to obtain and hold a clearance
James Haughom (firstname.lastname@example.org)
Network Security Services