Position Summary: The CERT Threat Analysis group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community.
Responsibilities: Perform in-depth reverse engineering of malicious code, and document and transition results in reports, presentations, and technical exchanges; design, prototype, and transition new analysis methods and tools; identify and document high-impact, emerging, and complex active security threats, design and pursue solutions, and transition results in tools, reports, presentations, and technical exchanges; participate in the broader security community through collaboration, papers, and presentations.
Minimum Qualifications and Requirements:
Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with eight (8) years of experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with five (5) years of experience; PhD in Computer Science, Software Engineering, Information Systems, or related field with two (2) years of experience.
- Reverse engineering software binaries.
- Using disassemblers (e.g., IDA Pro).
- Using debuggers (e.g., OllyDbg, Immunity, gdb, WinDbg).
- Using hex editors and tools (e.g., BinDiff).
- C/C++ development.
- x86 assembly language.
- Windows Portable Executable (PE) file format.
- Solid understanding of programming languages and operating system concepts.
- Technical writing.
- Analytical and problem-solving skills.
- Develop and explain technical decisions.
- Prioritize work.
- Recognize and deal appropriately with confidential and sensitive information.
- Communicate effectively under normal and stressful situations.
- Handle shifting priorities.
- Mentoring/training skills.
- Interact effectively with technical and non-technical audiences, both in writing and verbally.
- Work within a closely coordinated team.
- Work calmly and well under pressure.
- Maintain composure while dealing with difficult people.
Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.
Environmental Conditions: Normal office conditions, close contact with computer for prolonged periods of time.
Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.
Other: Candidate will be required to travel on overnight assignments. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
- IDAPro plug-in or IDAPython development.
- Other assembly languages (e.g., ARM, x86_64).
- Python or Java development.
- Assembly development.
- Linker and/or loader development or analysis.
- Executable and Linkable Format (ELF) file format.
- Windows, Linux, or Mac OS X.
- APIs and security models.
- Internet Protocols.
- Cryptographic algorithms.
- Kernel-level debugging (e.g., WinDbg).
- Device driver development.
- Mobile device development.
- Mobile device reverse engineering.
- Software vulnerability analysis.
- VirtualBox or VMware administration or development.
- Network packet captures (e.g., Wireshark, pcap formats).
Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.
Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT Threat Analysis procedures and policies, such as those involving product development, team interaction, and confidentiality.
Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.
Supervisory Responsibilities: This position has no supervisory responsibilities.
Job Functions or Responsibilities:
50% Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges;
20% Design, prototype, and transition new analysis methods and tools;
20% Identify and document high-impact, emerging, and complex active security threats; design and pursue solutions; and transition results in tools, reports, presentations, and technical exchanges.
10% Participate in the broader security community through collaboration, papers, and presentations.
100% TOTAL EFFORT
Organizational Chart: CERT Program Director < CERT Threat Analysis Technical Director < CERT Malware Analysis Technical Manager < Malware Reverse Engineer.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.