Malware Analyst 100556BR

  • Raytheon
  • Morrisville, North Carolina, United States
  • 01/29/2018

Job Description

Job Description: Raytheon Blackbird Technologies is looking for an individual who will join the security team of a major nationwide organization, with thousands of sites, to continually improve its complex multi-protocol nationwide network. An expert with malware analysis is needed to support the customer team. The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations.

Raytheon is seeking a Malware Analyst to lead the development and operation of a forensics and malware analysis functional capability in support of ongoing investigative and incident response activities. The successful candidate will have a proven record of identifying and tracking cyber threats, and a technical understanding of the tools, techniques, and procedures used by threat actors. The candidate will dissect exploits, attacker tools and implants in support of incident responders, and will also help develop innovative tools to assist responders and automate malware analysis and reverse engineering efforts.

The Malware Analyst is expected to work with minimal guidance against a broad set of objects to handle a variety of complex assignments and situations. Within established priorities and deadlines, the successful candidate will exercise independent judgment in selecting and applying appropriate methods, procedures, techniques, and practices.

This position will be located near Raleigh, in Morrisville, North Carolina.

Responsibilities will include:

  • Develop an innovative and effective forensics and malware analysis capability to support incident response
  • Develop tools, signatures, and methods of detection for use with response or hunting activities
  • Reverse engineer malware in support incident response and threat intelligence requirements
  • Research and develop methods of tracking and detecting malicious activity within a network
  • Correlate collected intelligence with malware research to build upon a larger knowledgebase of tracked threat activity
  • Present tactical and strategic intelligence about threat actors, methodologies, and motivations based on malware research and incident response activities
  • Prepare and deliver briefings and reports to customer leadership, operational teams, or fellow analysts
  • Support development of finished intelligence reports

Required Skills:

  • Must be eligible to obtain a sensitive clearance – Position of Public Trust – and may be required to obtain a higher security clearance
  • Four (4+) or more years of related experience and a Bachelor's degree are required.
  • Two (2) or more years in an investigative or incident response environment
  • Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
  • Ability to work with little direct oversight
  • Knowledge of malware analysis and reverse engineering
  • Proficiency with network traffic analysis
  • Deep working knowledge of networking concepts and protocols: TCP/IP, HTTP, HTTPS, DNS, RPC, etc.
  • Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers; and forensics and incident response
  • Experience identifying, analyzing, and interpreting trends or patterns in data sets
  • Working knowledge of file formats such as PE, PDF, SWF, etc.
  • Deep understanding of operating systems and relevant API
  • Knowledge of packers and obfuscation techniques as well as experience defeating anti-analysis techniques
  • Understanding of software exploits
  • Capable of identifying host and network indicators
  • Familiarity with Suricata and/or Snort and YARA
  • Demonstrable experience with reverse engineering tools such as IDA Pro, Ollydbg, Windbg
  • Experience with sandboxing operations and technologies, to include automating analysis operations
  • Familiarity with the use of forensics images and memory dumps in support of incident response
  • Experience developing tools to deconstruct C2 protocols, and decode obfuscated data and network communications
  • Understanding of basic cryptographic concepts and algorithms
  • Ability to recognize and handle sensitive data appropriately
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner
  • Ability to set and manage expectations with senior stakeholders and team members
  • Demonstrated ability to manage customer relationships
  • SANS/GIAC Certified Incident Handler (GCIH) desired
  • SANS/GIAC Reverse Engineering Malware (GREM) desired
  • SANS/GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) desired

Desired Skills:
- IT System development experience
- Experience as a network administrator
- Excellent writing skills

Required Education:
Bachelor of Science Degree with a major in Computer Science/Computer Engineering, Engineering, Science or a related field. Two years of related work experience may be substituted for each year of degree-level education.

Desired Certifications:
DODI 8570.01-M Compliance at IAT Level II;
CISSP, Certified Ethical Hacker (C|EH), GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CCNA


Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Cyber, Security, All, Warfighter Support Services Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated approximately $6 billion in 2016 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business. JBRaytheon ICJBMeta // SKCYB85