Back to all jobs

Principal Malware Analyst

Red Canary

Aug 23

Who We Are
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attack. Our combination of market-defining technology, processes, and expertise are preventing breaches every day. We are completely changing the way security is delivered and setting the new standard for security. If our mission resonates with you, let’s talk!  

What We Believe In
- Do what’s right for the customer
- Be kind and authentic
- Deliver great quality
- Be relentless

Challenges You Will Solve
The quickly-growing Red Canary Intelligence Team strives to be the industry leader in operational threat intelligence as we produce intelligence to enable Red Canary, our customers, and the community to make better decisions. We work to make the intelligence we share actionable and impactful for detection and response as we continue to push the boundaries in close cooperation with operations, threat research, and engineering. You will serve an integral role in helping the team analyze what adversaries are doing so that we can produce actionable intelligence.

What You’ll Do

    • Build on existing malware analysis practices to create a repeatable malware analysis workflow, including considerations around prioritization, triage, and outputs.
    • Suggest and implement new methods, processes, tools, and deliverables that the team could adopt to help us improve and better achieve our mission.
    • Perform in-depth static analysis and reverse engineering of malware samples to extract all relevant indicators, behaviors, and capabilities.
    • Perform dynamic analysis and triage on suspected malicious samples for the purpose of confirming malicious behavior and to extract relevant indicators of compromise and other findings.
    • Assist intelligence analysts with investigating raw telemetry, potential malicious activity, and confirmed threat detections for the purpose of identifying threats, providing context, and informing decisions about detection and response.
    • Perform open and closed source research to associate malware samples and/or malicious activity to known threats.
    • Assess code similarity among known malware families as well as patterns in identified malware and detections. Assist intelligence analysts in identifying new activity clusters.
    • Perform proactive research and hunting to identify similar malware samples from open and closed source data sets.
    • Work with intelligence analysts to communicate malware analysis findings, identify overlaps and patterns between different malware samples and families, and recommend detection and response actions.
    • Supplement Intelligence Profile documents with detailed, technical context.
    • Partner with detection engineers to help contextualize and implement robust detector logic.
    • Write reports and communicate actionable insights based on analysis, both internally and externally to customers.
    • Share information with the community as you have a desire to do so, including via blog posts and/or presentations. Collaborate with external malware researchers while understanding and mitigating risks of sharing.
    • Service requests from incident handlers to provide more details about malware indicators and capabilities discovered within customer environments. Communicate directly with customers as requested.
    • Serve as a mentor and coach for other malware analysts.

What You’ll Bring

    • A desire to work collaboratively with intelligence analysts as part of a team
    • The ability to coach and mentor other malware analysts on how to perform high-quality analysis
    • The ability to proactively identify and recommend solutions to problems
    • The ability to proactively and independently produce high-quality deliverables that require little review before broad dissemination
    • The ability to lead other analysts to successfully complete scoped projects
    • The ability to clearly communicate complex malware concepts and answer challenging questions for customers, including the ability to re-scope requests to better meet requirements
    • Demonstrated initiative to tackle and solve problems
    • Experience performing dynamic and static analysis of malicious compiled and script-based code
    • Familiarity with operating system internals
    • The ability to communicate highly technical concepts in a clear, succinct fashion to non-subject matter experts, both verbally and in writing
    • Familiarity with the mechanics of attack techniques and behaviors as implemented in malicious code
    • Knowledge of x86 and x86-64 assembly language syntax and semantics
    • Familiarity with multiple executable file formats (e.g. PE, Mach-O, ELF)
    • Experience writing or using YARA rules
    • A strong understanding of endpoint process telemetry and experience working with EDR tools
    • Familiarity with using MITRE ATT&CK(R)
    • Experience analyzing obfuscated script and compiled code
    • Experience with script and compiled code deobfuscation
    • Experience differentiating legitimate software from suspicious or malicious software and the ability to speak to confidence levels and evidence for those assessments
    • Experience with software development (preferred, not required)
    • An understanding of fundamental intelligence concepts such as attribution, group naming, and assessments (preferred, not required)
Targeted base salary range: $175,000 - $200,000 + bonus eligibility and equity depending on experience

Why Red Canary?
Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way. 

At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary: 

Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.