Be Challenged and Make a Difference
In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture.
Description of Task to be Performed: AnaVation is looking for a talented Malware Reverse Engineer who is passionate about supporting National Security missions. The ideal candidate appreciates partnering with our customer and a group of cybersecurity experts to build environments and analyze the threat actor intent of malware in support of military intelligence missions. This position is full time on-site in Annapolis Junction, Maryland.
Position Responsibilities: Perform surface, dynamic, static, manual, and automated analysis on malicious software to determine its nature, capabilities, and potential impact. Analyze and reverse-engineer compiled executable code to understand its interactions with the environment and gain intelligence on its function and behavior. Evaluate malware attack capabilities, including transmission characteristics, attributes, and the intended purpose of the software, to understand its threat potential. Work closely with intelligence professionals to interpret the threat's intentions and capabilities and prepare detailed reports and studies on these findings. Additionally, provide technical expertise on the necessary hardware and software environments for effective malware triage and analysis.
Required Qualifications:
-
Clearance: U.S. Citizen, SCI within last 2 years.
-
Location: Full time on-site in Annapolis Junction, Maryland.
- Experience and knowledge:
- Four or more years of experience in a Reverse Engineering role
- Four years of experience with program languages such as C/C++ and Python.
- Four years of experience with machine architecture, operating system internals, file system and memory management, and assembly language (x64, ARM, MIPS).
- Proficient with static and dynamic reverse engineering techniques such as disassembly/decompilation, imports, strings, process monitoring, file system monitoring, network traffic capture, debugging, sandboxing, unpacking and deobfuscation.
- Skilled at analyzing compiled and interpreted programming languages.
- Experience with tools like IDA Pro, Ghidra, Hopper, Binary Ninja, Frida, PE Explorer, objdump, etc.
- Familiar with dynamic tools used for monitoring malware behavior. Experience with tools like kernel and process debuggers, process explorer, Wireshark.
- Familiarity with automated analysis systems (e.g. Cuckoo Sandbox) and open-source intelligence resources (e.g. VirusTotal) for initial triage and quick identification of well-known malware.
- Ability to write detailed technical reports on analysis findings and to present reports to stakeholders.
- Familiarity with MITRE ATT&CK framework, TTPs, IOCs, and CVEs to provide standard nomenclature.
- Familiarity with threat sharing platforms (MISP) and threat intelligence interchange standards (STIX, TAXII)
Preferred Qualifications:
-
Clearance: Polygraph within last 5 years
-
Education: Bachelor's degree or higher in Computer Science, Information Systems, or a related field.
-
Certification: Certified Ethical Hacker (CEH)
- Malware sandbox analysis and forensics.
- Ability to construct analysis sandboxes and to simulate necessary infrastructure to enable malware samples to execute (such as simulating Internet connectivity and DNS resolution).
- Ability to perform forensic analysis of sandbox environment to detect changes made by the malware sample during dynamic analysis. This includes detecting new, deleted, or modified files, changes to system settings, configurations, or registry entries, creation of new user accounts, open network ports, etc.
- Ability to use hex editors to modify malware samples in order to bypass anti-reversing logic. This includes logic that detects attached debuggers, virtual environments, excessive delays in process execution, etc.
- Ability to capture network and signals transmissions and to analyze the content of those transmissions. To include wired and wireless transmissions (Ethernet, Wi-Fi, Bluetooth, NFC, RF, etc.).
- Hardware reverse engineering.
- Ability to identify components and pathways attached to printed circuit boards (data and power).
- Ability to identify and map “pin-out” configurations of chips.
- Ability to connect to and monitor signals in and out of chips and convert those into binary data, ability to dump firmware images from hardware devices.
- Ability to identify hardware analysis requirements and tooling needs for hardware reversing.
- Ability to identify hardware anti-tamper mechanisms to prevent bricking or destruction of the device.
Benefits
· Generous cost sharing for medical insurance for the employee and dependents
· 100% company paid dental insurance for employees and dependents
· 100% company paid long-term and short term disability insurance
· 100% company paid vision insurance for employees and dependents
· 401k plan with generous match and 100% immediate vesting
· Competitive Pay
· Generous paid leave and holiday package
· Tuition and training reimbursement
· Life and AD&D Insurance
About AnaVation
AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.
If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!