Bachelor (EQF 6), Master (EQF 7)
ABOUT THE ROLE:
Group-IB is a partner of INTERPOL and Europol and a cybersecurity solutions provider recommended by SWIFT and the OSCE. These partnerships give us an advantage in our everyday work. We carry out in-depth malware research and present complex findings publicly. We take part in incident response and act as experts at conferences and in the media. Our reports are used by thousands of people around the world. We are now looking for a Cyber Threat Intelligence Analyst to join our office in Amsterdam.
GLOBAL TASKS TO SOLVE:
- Researching the activity of different groups, from state-sponsored APTs to financially motivated cybercrime groups. Our team has been actively involved in (and in many cases has driven) research into the following groups:
- Working on requests from clients all over the world; in this context you will:
- Analyse malicious software, including trojans, scripts, exploits, etc.
- Investigate attackers' network infrastructure.
- Reconstruct the kill chain.
- Develop hunting rules.
- Working on improving the company's products:
- Researching malicious tools, attacker infrastructure, etc. and providing recommendations to other company departments.
- Writing scripts to automate hunting, detection and similar processes.
- Preparing test environments (stands) for testing company products.
- Automating research; here you can build your own tools and improve them yourself.
- Writing public articles and presentations, including talks at events.
DAY-TO-DAY TASKS:
- Malware analysis, primarily for the x86, x86-64 and ARM architectures and the following operating systems:
- Windows (including .NET).
- Analysis of other malicious artefacts, including scripts, documents, e-mails, etc.
- Analysis of exploits.
- Writing rules for detecting and hunting malicious tools: YARA, Suricata, the company's own rule languages, etc.
- Writing scripts to automate analysis in tools such as:
- IDA Pro.
- Analytical work across sets of malicious tools and attacker infrastructure: attributing a sample to a group or attack, finding common patterns between different malicious objects, and writing hunting rules from them.
- Preparing reports on the results of the tasks described above, or preparing public articles, presentations or conference talks.
- Working with VirusTotal, public sandboxes, urlscan and other TI sources and platforms.
APPLY FOR THIS VACANCY IF YOU HAVE THE FOLLOWING QUALIFICATIONS:
- 1 year of experience with reverse engineering and malware analysis.
- Experience with RE tools:
- IDA Pro/BinaryNinja/Ghidra, etc.
- x64dbg/Immunity Debugger/OllyDbg, etc.
- Other tools.
- And an understanding of how to write scripts for automated analysis.
- Experience with traffic analysis tools.
- Basic knowledge of several scripting languages.
- Good knowledge of Python.
- Knowledge of common binary formats.
- Knowledge of common network protocols.
- General knowledge of vulnerability exploitation.
- Knowledge of common cryptographic algorithms.
- Basic knowledge of the cyber threat industry.
- Good command of technical language and the ability to write technical reports.
- Knowledge of techniques used by cyber criminals and malware authors.
- Fluent Dutch is a must.
WHAT ELSE WE APPRECIATE IN OUR TEAM:
- Ability to automate analysis tasks and to develop scripts for decoding obfuscated data and network communications.
- Experience with using open source intelligence for threat research.
- Experience in Ring 0 (kernel-mode) research/development.
- Experience in Windows/Linux/Android development.
- Experience in sandbox development.
- Experience in writing behavioural rules.
- Experience in writing reports on threat group activity.
- Experience in public speaking.
SEND YOUR CV TO: firstname.lastname@example.org