Principal Analyst, Cyber Espionage (Remote - Canada)
Toronto, Canada
2d ago

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions.

Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

Mandiant is seeking a technical analyst to join our Cyber Espionage Intelligence team. The Cyber Espionage team identifies, tracks, and reports on government-sponsored cyber espionage (APT) activity that takes place all around the world.

This work supports corporate and government intelligence clients and other divisions of Mandiant.

The Senior Cyber Espionage Analyst will play an important role on our team, leading investigation and analysis of nation-state threats.

The position will conduct in-depth technical analysis of malicious software (malware), campaigns, and the Tactics, Techniques and Procedures (TTPs) of nation-state sponsored actors.

A particular emphasis will be on developing novel techniques for tracking advanced actors.

The role will work effectively and efficiently alongside the technical and threat analysts on the Cyber Espionage Team to produce timely, thorough and actionable reporting.

What You Will Do:

  • Discovery, categorization, and attribution of nation-state malware and infrastructure, including in-depth malware analysis
  • Creation of signatures to support the collection and detection of malicious activity
  • Development of tools to support proactive hunting across public and proprietary data sets
  • Contributing to reporting on these discoveries to inform FireEye Threat Intelligence customers about the above malicious activities.

Qualifications

Minimum Requirements:

5+ years doing Malware Analysis including:

  • Dynamic and static analysis of x86 Windows portable executable binaries
  • Experience of x86 assembly language
  • Experience with JavaScript, Perl, PowerShell, Python, Ruby, PHP, VBScript and other
  • Decoding and decrypting of file data and network traffic

5+ years doing Campaign Tracking including:

  • Experience creating file signatures leveraging malware detection platforms such as Yara
  • Experience tracking adversaries via network infrastructure
  • Experience correlating and attributing malicious activity
  • Experience with finished threat intelligence
  • Effective written and oral communication skills

Desired Qualifications:

  • Experience with the dynamic and static analysis of multiple operating systems and file formats
  • Experience disassembling multiple architectures
  • Experience with the creation of file, host, and network signatures leveraging multiple malware and network detection platforms
  • Experience developing decoders, decryptors, parsers, and other related tools based on malware, network traffic, and campaign analysis
  • Experience developing tools to uncover targeted activity leveraging large data sets
  • Experience producing finished intelligence products for multiple audiences