eSentire is looking for highly capable individuals to be part of a best-in-class cyber threat intelligence team. eSentire is a recognized industry leader and one of Canada’s fastest-growing tech companies. We work in a collaborative and innovative environment with brilliant and passionate people who strive to do their best and encourage others to do the same. Join us to gain rewarding career experience, with the ability to grow and to make an impact through your work.
The successful candidate will report to the Manager of Threat Intelligence and have primary responsibility for delivering dynamic and static malware analysis services, as well as research into emerging threats and attack techniques. Working collaboratively with the team, you will produce new detection rules and written technical assessments, with the goal of improving our ability to disrupt cybercrime. This is a technical, hands-on role for a person who enjoys solving complex problems. Along with strong intrusion-detection acumen and keen technical skills, the successful candidate should be methodical and apply creative thinking, with the capacity to push conventional boundaries in order to deliver state-of-the-art cybersecurity protection services.
- Apply expert-level knowledge to analyze and reverse-engineer malware and exploits using both static and dynamic tools and techniques to develop methods of tracking and detecting criminal activity on the internet.
- Produce high-quality tactical-level intelligence analysis of cyber threats and threat actors in support of team objectives and of overall cyber security and network defense operations.
- Document findings in technical reports covering the malware’s behaviour, its unique identifying characteristics, and the relationship between a given sample and other known samples, malware families, or incidents.
- Develop new detection rules, deliver timely and actionable recommendations, and take all necessary actions to improve the detection, escalation, and containment of cyber security incidents, ensuring that relevant stakeholders are well informed and equipped to address breaking security issues.
- Assist in identification and integration of new collection sources with our Threat Intelligence Platform.
- Other duties as assigned by the manager, if required.
- 40% - Intelligence Processing and Reporting
- 40% - Threat Intelligence Escalations
- 20% - Intelligence Dissemination
- Minimum of 3 years of threat research experience, or of an analytic role such as intrusion detection analyst, network forensics analyst, or consultant.
- Experience detecting and handling security incidents in an operational environment such as a SOC, CSIRT, or CERT.
- Strong written and verbal communication skills; ability to understand complex problems and present them formally in simple terms.
- Experience with application security, network security, reverse engineering, or malware analysis.
- Familiarity with analyzing disassembly of x86 and x64 binaries.
- Proficiency in at least one of the following programming languages: Java, Ruby, Python, Perl, or R.
- Experience with program and system analysis using tools such as IDA Pro, BinDiff, OllyDbg, and packet-capture (PCAP) analysis tools.
- Deep technical knowledge of Windows OS internals and common file formats.
- Industry certification in reverse engineering or similar area of expertise.
- Familiarity with analytical models such as the Diamond Model and the Cyber Kill Chain, and with attack-trend analysis.
- Familiarity with MITRE’s ATT&CK framework.
- Understanding of the cyber security industry and business problems that need to be solved.
- Work is performed in a standard business environment during 9-to-5 office hours (flexible).
- The position does not require the availability for on-call rotation, extended travel, or 24/7 shift coverage.
- In case of emergency, working hours may be modified.