Digital Forensics Malware Analyst

Job Description:

The Malware Analyst at SASSI will join our team and support our United States Government client at the customer site in the Northern VA / Washington, DC area. The Malware Analyst works closely with stakeholders and other members of the technical team to gather technical requirements and execute on deliverables. The Malware Analyst works with an integrated project team comprised of multiple technical disciplines.


Primary Responsibilities:

In this role, you will:

  • Candidate will perform daily analysis, reverse engineering, and reporting of suspected malicious artifacts to identify:

      • Functions and capabilities of the malware.

      • Vulnerabilities exploited by the malware.

      • Anti-forensic countermeasures (e.g., obfuscation, encryption, anti-debugging measures, conditional execution, etc.).

      • Indicators such as domains, Internet Protocol (IP) addresses, and hashes to facilitate countermeasure development; and

      • Other analysis capabilities related to this task as specified by the client.

  • Candidate will perform digital media (computer digital images, hard drives, removable media triage, etc.) analysis and reporting:

      • Capture memory and hard drive images for triage analysis of devices that may have been breached.

      • Identify vulnerabilities exploited.

      • Perform device analysis to determine what occurred, such as, but not limited to, exfiltration, network connections, account access, etc.; and

      • Provide other analysis capabilities related to this task as specified by the client.

  • Candidate will perform daily mobile device analysis and reporting:

      • Analyze mobile devices used for foreign travel for signs of malicious activity.

      • Perform device analysis to determine what occurred, such as, but not limited to, exfiltration, network connections, account access, etc.; and

      • Provide other analysis capabilities related to this task as specified by the client.

  • Analyze and assess infrastructures for potential vulnerabilities that may result from improper configurations, hardware or software flaws, or operational weaknesses.

  • Work closely with the mission organizations to provide guidance, training, and tools necessary for protecting the Cybersecurity Program.

  • Complete any other tasks assigned by the Project Manager that are connected with the role but not detailed in this job description.


Basic Qualifications

  • US Citizen

  • Must be eligible for a Secret clearance

  • Knowledge and/or working experience in cyber security, incident response, forensic investigations, with at least.

  • Knowledge and/or working experience specifically conducting cyber forensic investigation independently.

  • Detailed understanding of computer networking (e.g., TCP/IP, HTTP, SSL).

  • Strong understanding of Windows internals (XP, Vista, Win 7/8/10).

  • Python scripting to automate analysis and reverse engineering tasks.

  • Strong knowledge of tools used for malware analysis such as debuggers and disassemblers.

  • Strong understanding of Microsoft System Internals and Windows APIs.

  • Experience with commercial tools, such as EnCase, X-Ways, or Binary Ninja.

  • Experience with open-source tools, such as Radare2, Metasploit, and OWASP ZAP.

  • Experience in IoT debugging.

  • OSCP, GREM, and/or SANS DFIR certifications.

  • iOS/Android vulnerability research experience.

  • Participation and success in previous cyber flag exercises.

  • 2+ years with IDA Pro (or a similar tool).

  • 2+ years with debugging and performance tools (WinDbg/gdb/Hex-Rays/Valgrind).

  • Experience with virtualized environments and able to navigate and use a hybrid cloud to enhance workflows and analysis.

  • Ability to quickly make prioritizations and determinations that lead to actionable decisions.

  • Skilled teammate who works with a team to produce results quickly.

  • Able to work in a fast-paced environment.

  • Comfortable working in a dynamic and changing environment. Ability to apply creativity and analytical skills to deliver best-in-class solutions despite loosely defined requirements.

  • Works well as part of a team

  • Able to function independently and perform routine tasks such as:

      • Facilitating meetings, organizing conference calls, delivering presentations, and so forth.

  • Ability to communicate technically complex problems to various audiences.

  • Strong written and oral communication skills, and ability to communicate complex concepts and results to all levels of leadership, internal technology teams and other stakeholders.

*Toolsets and Services will be provided by the Client.


Required Education / Certifications

Candidate must have at least one of the certifications listed below.

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or other related discipline.

  • IAM II Certification Level (1):

      • CISSP

      • CompTIA Security+

      • GSEC

      • SCNP

      • SSCP

      • CAP

      • GSLC

      • CISM

  • Industry Certification (1):

      • Certified Penetration Tester (CPT)

      • Certified Expert Penetration Tester (CEPT)

      • Certified Ethical Hacker (CEH), EC-Council

      • Certified Web Application Penetration Tester (CWAPT)

      • Certified Reverse Engineering Analyst (CREA)

Full Time / Part Time

Full time


Regular / Temporary

Regular


Job Exempt (Yes / No)

Yes