Malware Analyst SME
Resource Management Concepts, Inc.
Quantico, virginia
Job Details
Full-time
Full Job Description
Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America.
RMC is hiring a well-rounded Tier 3 – Malware Analyst Subject Matter Expert (SME) to conduct an analysis of digital evidence to support computer security incidents to derive useful information in support of system/network vulnerability mitigation.
The selected applicant will perform a variety of activities including but not limited to:
- Perform technical analysis or malicious binaries through controlled execution and/or static analysis of assembly code, overcoming techniques designed to defeat analysis, to ascertain functionality, capability, call-backs, assist with attribution to adversary infrastructure, and identification of indicators of compromise.
- Write and produce high quality technical reports related to the scope, nature, and characteristics of malicious software suitable for distribution to both technical and non-technical audiences.
- Conduct analysis of digital evidence to support computer security incidents to derive useful information in support of system/network vulnerability mitigation.
- Support incident investigation by employing appropriate techniques in Surface Analysis, Runtime Analysis, and Static Analysis of suspected malware.
- Support the development of new detection capabilities by integrating the results of malware and forensic analysis tasks into new and existing detection use cases in order to prevent future occurrences.
- Analyze malware to determine its capabilities, intent, indicators, and origin.
- Confirm what is known about an intrusion and discovering new information using industry-standard malware and digital forensic analysis techniques.
- Utilize forensically sound procedures such as duplication of the evidence (i.e., forensic image) to ensure the original evidence is not modified.
- Interface with external organizations to ensure appropriate and accurate dissemination of the investigation and other cyber defense information.
- Assist with Incident Response tasks as needed.
- Demonstrate effectiveness by successfully analyzing files and artifacts related to Red Team (penetration testing) activity.
Requirements
- Active TS/SCI (DoD TOP SECRET clearance with SCI eligibility) is required. Applicant selected will be subject to security investigation(s) and must maintain eligibility requirements for access to classified information.
- Bachelor’s degree in Computer Science or IT-related field, OR at least five (5) years of demonstrated experience with DCO tools, tactics, and techniques in a large enterprise environment.
- DoD 8140.03 IAT Level III certification (CASP+, CCNP Security, CISA, CISSP or Associate, GCED, GCIH, CCSP). Must be valid/current.
- CSSP Incident Responder certification (Must have ONE of the following certs: CEH, CFR, CCNA Cyber Ops, CCNA Security, CHFI, CySA+ CE, GCFA, GCIH, SCYBER, PenTest+ CE).
- GIAC Reverse Engineering Malware (GREM) certification (or industry equivalent) within 180 days of start.
- Five (5) years' experience performing malware analysis.
- Experience handling National State-level intrusions is a must.
- Experience with malware analysis using static and dynamic analysis tools, including disassemblers, debuggers, and virtual machines.
- Experience with monitoring threats through Tools, Techniques, and Procedures (TTP's) and how they relate to the MITRE ATT&CK framework.
- Experience with Windows internals such as the Windows Application Interface (APIs), processes, threads and the registry.
- Experience with Linux and comfortable traversing the terminal.
- Knowledge of common attacker methodologies and exploit techniques.
- Knowledge of network protocols and networking concepts.
- Knowledge of x86 and x64 instruction set architectures.
- Ability to analyze shellcode, packed and obfuscated code.
This position is considered essential and will be required to report during hazardous weather, power outages, fuel shortages, pandemics, and other emergencies.
Benefits
At RMC, we're committed to your career growth! RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.
RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level. We offer Monday to Friday full-time day shift work, and can assist in paid relocation. This also includes a competitive paid vacation package with 11 paid federal holidays. Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.