Principal Threat Researcher
Fully Remote Stow, OH

Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include best-in-class Managed Detection & Response powered by a Managed Open XDR platform. The company has a 24/7 Security Operations Center that monitors their own proprietary managed EDR software as well as supporting leading network, cloud and identity solutions. Advanced threat hunting, defense validation and counterintelligence services provide additional layers of security. Our expert security staff and technology help shield businesses from cyberattacks.

Binary Defense is a fast-paced business that enjoys a relaxed culture (from anywhere in the continental United States) and flexible remote work options. For the fourth year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US on the Inc. 5000 list! At the 2022 Greater Cleveland Partnership’s “Best of Tech Awards,” Binary Defense was recognized as the “Best Technology Solution” for the third year in a row. We’ve also been named “North American Partner of the Year” by AT&T Cybersecurity, providing best-in-class SIEM technology and service. Binary Defense recently completed a $36 million growth equity round of funding from Invictus Growth Partners to accelerate our growth and technology and service delivery offerings.

Binary Defense is seeking a Principal Threat Researcher to join our Threat Hunting Team. The Principal Threat Researcher position requires an experienced, analytical person who regularly reverse-engineers malware, develops custom software tools using scripting languages and understands threat actor techniques used to compromise systems and evade detections. A successful candidate will use strong technical analysis skills to study threat actor techniques, network with other researchers in the security community to share information about threats and develop new tools and detection capabilities to uncover threats in network traffic and endpoint systems. 

The job duties require strong research and analysis skills, including an understanding of malware analysis, reverse-engineering, defense evasion techniques, and engineering of detection capabilities. Threat Researchers produce products such as network detection rules (Snort or Suricata), file pattern matching rules (Yara), and SIEM or EDR threat detection rules (e.g. Splunk, Carbon Black, Azure Sentinel, etc.). Threat Researchers hunt for advanced attackers who evade detection by existing security controls, add new detection rules and tune those rules to provide useful results. They also utilize new threat intelligence to drive new hunts within clients’ environments.

The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics. Threat Researchers will work closely with the Security Operations Center (SOC) analysts as required to provide assistance with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks.

Key Responsibilities

· Reverse engineer malware using disassemblers and debugging tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida, etc.).

· Serve as the primary point of contact for clients to discuss technical threat hunting issues, and mentor new Threat Hunting team members to grow in their skills and abilities.

· Based on malware analysis results, develop Yara rules to match patterns in malware instructions, patterns to match functions, strings and other sequences.

· Based on malware analysis results, develop network threat signatures to detect malware communication (e.g. Snort, Suricata).

· Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal.

· Develop new software tools as required by job duties, including software that implements non-standard network communication protocols and encrypts or decrypts data using algorithms discovered from malware analysis results.

· Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.

· Perform research and investigations with little to no oversight to locate information that is relevant to clients’ requests.

· Ensure that all written communication is professional, high quality, free of errors and clearly delivers relevant information that is of value to clients.

· Other projects and responsibilities, as assigned by the direct manager.

· Minimum 10 years’ experience in Threat Hunting, Security Research, or Incident Response.

Other Knowledge, Skills and Abilities

· Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks

· Experience 

· Experience reverse-engineering malware (can be professional or student experience)

· Programming and scripting experience to develop internal tools 

· Experience analyzing obfuscated scripts (e.g. PowerShell, VBA, JavaScript, .Net, etc.)

· Superior research and technical analysis skills

· Excellent writing and verbal communication skills

· Understanding of cybersecurity topics and ability to explain them to others clearly

· Proven track record of independently managing multiple research projects – Accountability, personal initiative, and integrity 

· Ability to take ownership, set priorities, multi-task and meet tight deadlines

· Well-developed problem-solving and interpersonal skills

· Excellent organizational skills with acute attention to detail 

· Performs any other essential function that may occur as directed 

· Bachelor’s or Master’s degree in Computer Science with an emphasis on Security

· 10+ years of experience in information security 

· Experience using new threat intelligence to drive intelligence-driven threat hunts.

· Experience researching emerging threats and attack vectors being exploited in the wild

· Act as a mentor to other analysts on the team

· Ability to discuss the current threat landscape with customers and make recommendations to improve security posture.

· Experience defeating packers/crypters to unpack malware samples for analysis

· Digital forensics and incident response experience

· Experience using EDR and SIEM tools to hunt for threat actor activity

· Network traffic analysis experience

· Practical cryptography experience: applying existing modules and cryptographic libraries to encrypt and decrypt data