Binary Defense is seeking a Threat Hunter to join our Threat Hunting Team. The Threat Hunter position requires an experienced, analytical person who understands threat actor techniques used to compromise systems and evade detections. A successful candidate will use strong technical analysis skills to study threat actor techniques, network with other researchers in the security community to share information about threats and develop new tools and detection capabilities to uncover threats in network traffic and endpoint systems.
The job duties call for strong research and analysis skills, including an understanding of malware analysis, defense evasion techniques, and the engineering of detection capabilities. Threat Hunters produce products such as network detection rules (Snort or Suricata), file pattern matching rules (Yara), and SIEM or EDR threat detection rules (e.g. Splunk, Carbon Black, Azure Sentinel, etc.). Threat Hunters hunt for advanced attackers who evade detection by existing security controls, add new detection rules, and tune those rules to provide useful results.
The role also involves writing software tools for internal use, using a variety of scripting or programming languages. The position requires a person who can take ownership, is deadline oriented, highly responsive, and is able to produce high quality work in a fast-paced environment. The role is responsible for producing written work several times a week on a wide variety of cybersecurity topics. Threat Hunters will work closely with the Security Operations Center (SOC) analysts as required to provide assistance with detailed analysis of security events, analysis of malware capabilities, and extraction of indicators of compromise (IOCs) to locate other compromised systems on client networks.
Key Responsibilities:
· Able to perform dynamic and static malware analysis.
· Serve as the primary point of contact for clients to discuss technical threat hunting issues, and mentor new Threat Hunting team members to grow their skills and abilities.
· Based on malware analysis results, develop Yara rules to match patterns in malware instructions, functions, strings, and other byte sequences.
· Based on malware analysis results, develop network threat signatures to detect malware communication (e.g. Snort, Suricata).
· Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal.
· Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.
· Perform research and investigations with little to no oversight to locate information that is relevant to clients’ requests.
· Ensure that all written communication is professional, high quality, free of errors, and clearly delivers relevant information that is of value to clients.
· Other projects and responsibilities, as assigned by the direct manager.
· Associate’s degree or equivalent experience in Computer Science, Information Security, Incident Response, Forensics, or a related field
· Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat hunting tasks
· Experience reverse-engineering malware (can be professional or student experience)
· Programming and scripting experience to develop internal tools
· Experience analyzing obfuscated scripts (e.g. PowerShell, VBA, JavaScript, .Net, etc.)
· Superior research and technical analysis skills
· Excellent writing and verbal communication skills
· Understanding of cybersecurity topics and ability to explain them to others clearly
· Proven track record of independently managing multiple research projects; accountability, personal initiative, and integrity
· Ability to take ownership, set priorities, multi-task and meet tight deadlines
· Well-developed problem-solving and interpersonal skills
· Excellent organizational skills with acute attention to detail
· Performs any other essential function that may occur as directed
About Binary Defense
Binary Defense, headquartered in Stow, Ohio, is a rapidly growing cybersecurity software and services firm with solutions that include best-in-class Managed Detection & Response powered by a Managed Open XDR platform. The company has a 24/7 Security Operations Center that monitors its own proprietary managed EDR software as well as supporting leading network, cloud, and identity solutions. Advanced threat hunting, defense validation, and counterintelligence services provide additional layers of security. Our expert security staff and technology help shield businesses from cyberattacks.
Binary Defense is a fast-paced business that enjoys a relaxed culture (from anywhere in the continental United States) and flexible remote work options. For the fourth year in a row, Binary Defense has been recognized as one of the fastest-growing private companies in the US on the Inc. 5000 list! At the 2022 Greater Cleveland Partnership’s “Best of Tech Awards,” Binary Defense was recognized as the “Best Technology Solution” for the third year in a row. We’ve also been named “North American Partner of the Year” by AT&T Cybersecurity, providing best-in-class SIEM technology and service. Binary Defense recently completed a $36 million growth equity round of funding from Invictus Growth Partners to accelerate our growth and technology and service delivery offerings.
Binary Defense offers competitive medical, dental, and vision coverage for employees and dependents, a 401k match that vests every payroll, a flexible and remote-friendly work environment, and training opportunities to expand your skill set (to name a few!). If you're interested in joining a growing team with great perks, we encourage you to apply!