Threat Researcher/Hunter (remote)
Fully Remote Stow, OH


Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include SOC-as-a-Service, proprietary Managed Detection & Response software, Security Information & Event Management, Threat Hunting, and Counterintelligence. Our expert security staff helps shield businesses from cyberattacks. 

Named a Cleveland Plain Dealer Top Workplace in 2020 and a top 10 software developer in Northeast Ohio by Crain’s, Binary Defense is a fast-paced business that enjoys a relaxed culture and on-site perks. For the third year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US! Ranking at 2,985 on the Inc. 5000 list for 2021, Binary Defense is proud of its position as the only security firm in Ohio to make the list. The company ranks among the top 100 in Ohio for growth, and in the top 25 in the Northeast Ohio region.  At the Greater Cleveland Partnership’s “Best of Tech Awards,” Binary Defense was recognized as the “Tech Company of the Year” and “Best Tech Services Company” in Northeast Ohio. 

The Threat Researcher position requires an experienced, analytical person who regularly reverse-engineers malware, develops custom software tools using scripting languages, and understands the techniques threat actors use to compromise systems and evade detection. 

A successful candidate will use strong technical analysis skills to study threat actor techniques, network with other researchers in the security community to share information about threats, and develop new tools and detection capabilities to uncover threats in network traffic and on endpoint systems. The job requires strong research and analysis skills, including an understanding of malware analysis, reverse-engineering, defense evasion techniques, and the engineering of detection capabilities. 

Threat Researchers produce products such as network detection rules (Snort or Suricata), file pattern matching rules (YARA), and SIEM or EDR threat detection rules (e.g. Splunk, Carbon Black, Azure Sentinel). Threat Researchers hunt for advanced attackers who evade detection by existing security controls, add new detection rules, and tune those rules so that they produce useful, low-noise results. 

The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics. 

Threat Researchers will work closely with the Security Operations Center (SOC) analysts as required to provide assistance with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks.


Key Responsibilities

· Reverse engineer malware using disassemblers, debuggers, and dynamic instrumentation tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, Immunity Debugger, Frida)

· Develop threat hunting hypotheses based on research, and conduct threat hunts remotely in clients’ SIEM systems

· Test attack techniques in a controlled lab environment to develop detections and active countermeasures against emerging threats

· Share research with the information security community through blogs, webinars, and conference presentations

· Advance knowledge and skills by attending training and conferences and sharing with other team members

· Other projects and responsibilities, as assigned by the direct manager

Required Knowledge, Skills and Abilities

· Relevant experience performing reverse engineering and malware research

· Experience threat hunting or incident response professionally as part of a team

· Experience working with other researchers in the community to proactively identify emerging threats

· Red team / offensive security skills to support novel threat research (personal research experience is acceptable; professional red team operator experience is not required)

· Software development using any of the following: Python, Golang, C#, C, or C++

· Strong network analysis skills

· Experience working with SIEM systems, including writing query statements

Other Knowledge, Skills and Abilities

· Excellent communication skills – ability to convey technical information clearly

· SOC Security Analyst experience preferred

· Splunk and/or Microsoft Azure Sentinel experience preferred

· GIAC Reverse Engineering Malware (GREM) certification preferred

· Computer Science, Computer Forensics, or Cybersecurity degree may be helpful but not required