Req ID 255448BR
Industry Job Title Malware Analyst
Job Code/Title E2553:Cyber Intel Analyst Sr
Job Description As a Malware Analyst (sometimes called a Reverse Engineer) supporting the US-CERT, the candidate examines malicious software, such as bots, worms, and trojans, to understand the nature of their threat. This task usually involves reverse-engineering the compiled executable and examining how the program interacts with its environment. The analyst may be asked to document the specimen's attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence.
Applies an understanding of the information security, cyber security, and operational characteristics of a variety of computer platforms, networks, software applications, and operating systems
Ability to explain to others the methods and techniques used in assigned work.
Evaluates and assesses operating practices to determine adequate risk management and compliance standards.
Is responsible for contributing, with limited supervision, to projects, programs, and initiatives with medium-threat and moderate scope. This is a 24/7 program and has three shifts. The shift for this position is yet to be determined.
Basic Qualifications The successful candidate must:
1. Hold information security certification, especially Global Information Assurance Certification (GIAC) Reverse Engineering Malware (GREM) and GIAC Certified Forensics Analyst (GCFA).
2. Hold TS Clearance with (in order of preference) active SCI, previous SCI, or eligible for SCI.
3. Have excellent written and oral communications skills.
4. Have sufficient reverse engineering/malware knowledge to work with minimal supervision and guidance, and be able to follow directions of senior engineers in all aspects of malware analysis.
5. Possess some of the following skills:
a. Assemble the toolkit for malware forensics
b. Perform behavioral analysis of malicious Windows executables
c. Perform static and dynamic code analysis of Malicious Windows executables
d. Intercept system and network-level activities in the analysis lab
e. Patch compiled malicious Windows executables
f. Shortcuts for speeding up malware analysis
g. Core concepts for reverse-engineering malware at the code level
h. x86 Intel assembly language understanding
i. Identify key x86 assembly logic structures with a disassembler
j. Patterns of common malware characteristics at the Windows API level
k. Work with PE headers of malicious Windows executables
l. Handle DLL interactions and API hooking
m. Manual unpacking of protected malicious Windows executables
n. Capability to subvert anti-analysis mechanisms built into malware
o. Analyze protected malicious browser scripts written in JavaScript and VBScript
p. Reverse-engineer malicious Flash programs
q. Analyze malicious Microsoft Office (Word, Excel, PowerPoint) and Adobe PDF documents
r. Examine shellcode in the context of malicious files
s. Analyze memory to assess malware characteristics and reconstruct infection artifacts
t. Use memory forensics to analyze rootkit infections.
Desired skills 1. Demonstrate experience in a Dept. of Homeland Security (DHS) information technology environment especially the US-CERT environment.
2. Understanding of Einstein capabilities and operation.
3. Understanding of US-CERT processes, business rhythms, reporting, and associated tools, especially those used in incident handling/processing.
4. Experience with incident analysis tools such as:
a. Encase
b. ByteBack
c. Sleuth Kit
d. Autopsy
e. Maresware
f. The Coroner's Tool Kit
g. Paraben
Security Clearance TS/SCI
LMCareers Business Unit ESS0997 IS&GS-CIVIL (S8200)
Business Area Info Systems & Global Sol
Program QinetiQ/US-CERT
Department 7248024:BPS - CRM Programs
Job Class Information Security/Information Assurance
Job Category Experienced Professional
City Arlington
State Virginia
City/Building Location US-CERT, 1110 N Glebe Road 9th Floor Arlington, VA 22201
Virtual No
Relocation Available Possible
Work Schedule FLEX-Non-Standard 40 hour week
Req Type Blue Sky
Direct/Indirect Direct
Shift First
