The Sr Security Researcher is a self-starting and motivated analyst on Arete s Cyber Threat Intelligence team
This position is primarily focused on performing countermeasure development, threat hunting and profiling, malware analysis, analyzing threats, and tracking known adversaries and emerging threats
The role will contribute to the research and publication of threat insights, internal work products, as well as intelligence products to be used by Arete s customers and stakeholders
A successful analyst has an advanced technical skill set and thrives on learning the technical aspects of the tactics, techniques, and procedures leveraged by threat actors, developing solutions to challenging problems
Work may occasionally include after-hours intelligence support during major engagements
Roles & Responsibilities
Develop countermeasures, tools, and methods of detection to be used for threat hunting and incident response activities.
Threat hunting in Endpoint Detection and response (EDR) telemetry data.
Perform malware analysis.
Identify cyber threats, trends, and new malware families and threat actor groups by analyzing Arete s case reports, MDR & SOC escalations, sandbox submissions, and raw and open-source intelligence.
Identify and report on the current and changing Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors.
Create finished intelligence analysis for internal and external customers through written reporting, blogs, and industry insights to help reinforce Arete as a thought leader in cyber threat intelligence.
Inform various business units within Arete about new threat actor TTPs.
Create compelling internal reports and presentations from analysis results.
Uncover adversary activity not detected by current detection mechanisms.
Identify intelligence and technology gaps.
Contributes to the development and enhancement of threat intelligence tools, technologies, and processes to improve automation, data analysis, intelligence sharing, and service offerings.
Provide tactical intel and analysis support for MDR, DFIR, and SOC business units.
Create detailed process documentation of analysis workflows to help maintain and update our Standard Operating Procedures for continuous process improvement.
Coach and mentor junior analysts and interns.
May perform other duties as assigned by management.
Skills & Knowledge
Motivated and self-starter with a passion for countermeasure development, malware analysis, and cyber threat intelligence.
Ability to produce high-quality finished work products within short deadlines.
Knowledge of how malware is developed, functions, and is employed by cybercrime threat actors.
Ability to work remotely under a minimal supervision environment maintaining high-quality analytical production and excellent relationships with stakeholders.
Desire to extend knowledge of threat actor TTPs.
Understanding of the tools and techniques used by cybercrime threat actors.
Ability to analyze various file types such as C/C++, .NET, Visual Basic scripts, Java scripts, Powershell scripts, Malicious documents, Webshells, Shellcode, packed and obfuscated code.
Knowledge of:
Different Crimeware, Ransomware, Bots, Commodity, and Nation-State malware families.
Vulnerability exploitation and detection.
Various open-source and commercial malware analysis tools and Sandbox systems.
Network traffic analysis, Memory analysis, and Log analysis.
Encoding and encryption algorithms.
Anti-analysis techniques and patching code to bypass checks.
Disassemblers and debuggers.
Working in a fast-paced environment with Digital Forensics and Incident Responders.
Job Requirements
Bachelor or higher degree in engineering, computer science, information assurance, cyber intelligence, or other cybersecurity-related studies.
5-7 years of relevant work experience.
Experience writing Yara rules and regular expressions.
Working with ransomware and ransomware precursors and identifying key indicators of compromise.
Experience profiling threats, preferably cybercrime threats like ransomware and ransomware precursors.
Experience with EDR technology, threat hunting, automated malware analysis sandbox systems, and countermeasure development (e.g., SentinelOne).
