Topic created on: September 30, 2014 12:30 CDT by pedram .
We're EAthe world's largest video game publisher. You're probably familiar with many of our titlesMadden, FIFA, The Sims, Need for Speed, Dead Space, Battlefield and Star Wars, to name a few. But maybe you don't know how we're committed to creating games for every platformfrom social to mobile to consoleto give our consumers that anytime, anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.
The Senior Malware Reverse Engineer position is a highly technical role that plays a pivotal role in security risk management across EA. The mission of this role includes, but is not limited to, reverse engineering, intrusions analysis, incident handling, digital forensics, developing thorough incident reports, technical security research and dealing with external partners and interfaces to collaborate on intelligence.
The engineer must have an excellent working knowledge of all aspects of malware reverse engineering, static and dynamic malware analysis, networking, operating systems and technical architectures. Computer forensics (host and network based) and intrusions experience will also prove useful in everyday situations. Patience and the willingness to work long hours when necessary are qualities that are well-suited for this position. The successful candidate will also possess strong written and verbal communication skills as customer facing and teaming skills will be used on a daily basis.
The engineer will be involved in leveraging security related data from internal 'sensors' (e.g. SIEM, firewalls, IDS, routers, proxies, hosts etc.) and external sources (vendors, industry working groups, law enforcement etc.) in an effort to implement effective mitigations, and reviewing appropriate data sources for indications of adversary activity.
This role reports into the Corporate Security Team under the Chief Information Security Officer and maintains strong relations with all Line of Business technology groups. This person will work closely with a number of key individuals and teams including the Global Security Incident Response Manager, Business and Security Operations Centre and Information Security Team to investigate and forensically examine potentially compromised systems as well as identifying alerting and responding to mitigate computer security incidents.
Respond to emerging threats such as APT and other forms of targeted attacks, organized crime that utilize malware etc.
Perform detailed malware reverse engineering of assets, including malware samples in order to identify indicators of compromise that can be detected against.
Perform detailed forensic analysis of assets, including logs, malware samples, hard drive images, etc.
Reconstruct events of a compromise by creating a timeline via correlation of forensic data.
Implement and manage tools and technologies for indicators of compromise and other threat intelligence.
Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.
Communicate status of response, resolution and final root cause analysis to the appropriate stakeholders.
Mentor and train more junior analysts in intrusions and intelligence-driven network defense techniques and skills.
Conduct root cause analysis to identify gaps and recommendations ultimately remediating risks to EA.
Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.
Partner with all EA business lines to investigate internal code of conduct, fraud and other investigations as instructed by the Director of Corporate Security.
Skills, Knowledge, and Abilities
The ideal candidate will have the following skills and experience:
Strong malware analysis experience static and dynamic.
Strong reverse engineering experience.
Problem solving to learn new technical and non-technical analysis techniques to overcome problems.
Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
Understanding of intrusions analysis and incident response.
Industry experience in a large, mission-critical environment.
Strong written and verbal communication skills; ability to understand complex problems while formally presenting them simplistically.
Understanding of host and network based forensics skills.
Strong Unix/Linux experience.
Strong coding experience e.g. Assembly, Perl, VB Script, Python, etc.
Professional level understanding of TCP/IP fundamentals, network protocols, system administration and network architectures.
Understanding of SIEMs e.g. QRadar, ArcSight etc.
Experience conducting detailed log analysis and correlation.
High proficiency with Windows & Linux OS.
Experience working with attack analysis and forensic tools (e.g. Norman Shark G2, Encase, FTK, open source tools).
Ability to identify both tactical and strategic solutions.
Ability to work independently and in a cross functional team.
Ability to assess security incidents quickly and effectively and communicate a course of action to respond to the security incident while mitigating risk and limiting the operational and reputational impact to EA.
Bachelor's Degree in Computer Science or related field.
Must be willing to travel to other EA locations as necessary to support security incidents and intrusions work.
Must be able to understand business strategies that are only defined on a conceptual level.
And be able to interpret their impact on the business area operations, systems and processes with key fringe stakeholders within EA.
The incumbent must effectively interact between the various internal departments and unit executives to accomplish business goals.
Perform multiple critical assignments under deadline pressure in a fast-paced, high volume, office work environment.
Effectively perform work at varying levels to include executive/strategic and detailed/analytical.
Be able to influence culture and organizational change.
Experience in coordinating, working with and gaining the trust of business stakeholders, technical resources, and third-party vendors
Experience in leading meetings, dividing responsibilities, and influencing people to take action to assist in the resolution of security incidents
Job ID: 26421