Cybersecurity Threat Specialist

2 weeks ago


Hyderabad, India Arete Full time

SUMMARY

The Threat Researcher is a self-starting and motivated analyst on Arete’s Cyber Threat Research team, primarily focused on countermeasure development, threat hunting and profiling, malware analysis, cyber threat research, and tracking known adversaries and emerging threats. The position contributes to the research and publication of threat insights, internal work products, as well as intelligence products to be used by Arete’s customers and stakeholders. A successful threat research and detection engineer thrives on learning the technical aspects of the tactics, techniques, and procedures leveraged by threat actors and finding solutions to challenging problems. You will play a critical role in developing and maintaining high-fidelity detections contributing to Arete’s MSS and DFIR services and collaborating with cross-functional teams to stay ahead of emerging threats. Work may occasionally include after-hours support.

ROLES & RESPONSIBILITIES

  • Develop countermeasures, tools, and methods of detection used for threat hunting and incident response activities to detect, respond to, and remediate cyber threats
  • Perform threat hunting in Endpoint Detection & Response (EDR) telemetry data
  • Conduct analysis of malware, threat actor Tactics, Techniques, and Procedures (TTPs), and attack chains to inform detection strategies
  • Identify cyber threats, trends, and new malware families and threat actor groups, researching various sources that include Arete’s case reports, DFIR & MDR SOC escalations, automated malware analysis sandbox submissions, and raw and open-source intelligence
  • Collaborate with Threat Intelligence, DFIR, MDR, and SOC teams to ensure detection coverage aligns with real-world threats
  • Create compelling internal reports and presentations from analysis results
  • Inform various business units within Arete about new threat actor TTPs
  • Uncover adversary activity not detected by current detection mechanisms
  • Identify intelligence and technology gaps
  • Contribute to the development and enhancement of threat detection tools, technologies, and processes to improve automation, data analysis, intelligence sharing, and service offerings
  • Conduct stakeholder briefings to communicate relevant findings
  • Provide tactical research and analysis support for MDR, DFIR, and SOC business units
  • Assist with creating detailed process documentation of analysis workflows to help maintain and update our Standard Operating Procedures for continuous process improvement
  • Participate in weekend handler-on-duty rotations
  • May perform other duties as assigned by management

SKILLS AND KNOWLEDGE

  • Motivated self-starter with a passion for EDR countermeasure development, detection engineering, malware analysis, threat profiling, and cyber threat research
  • Knowledge of Endpoint Detection and Response technology, threat hunting, automated malware analysis sandbox systems, and countermeasure development (e.g., SentinelOne, CrowdStrike, Microsoft KQL)
  • Knowledge of various tools and techniques used by cybercrime threat actors, and desire to extend knowledge of threat actor TTPs
  • Ability to analyze, or use an automated malware analysis system, and identify key indicators of malicious activity for various file types such as portable executables, Visual Basic scripts, JavaScript, PowerShell scripts, malicious documents, webshells, and shellcode
  • Knowledge of obfuscation algorithms and de-obfuscating data
  • Ability to produce high-quality finished work products within short deadlines
  • Ability to work remotely in a minimal-supervision environment, maintaining high-quality analytical production and excellent relationships with stakeholders
  • Ability to manage relationships with stakeholders
  • Adaptable and willing to learn new technologies

JOB REQUIREMENTS

  • Bachelor’s degree with a minimum of 5 years of experience related to the job role or Master’s degree in Cybersecurity, Engineering, Computer Science, Information Assurance, or related field with a minimum of 3 years of experience related to the job role
  • Experience writing EDR countermeasures, YARA rules, and regular expressions
  • Experience with malware analysis and threat profiling, preferably cybercrime threats like ransomware and ransomware precursors
  • Experience with network traffic, memory, and log analysis
  • Experience with automated malware analysis systems and identifying key indicators of compromise
  • Excellent written and verbal communication skills, with the ability to present technical information to both technical and non-technical stakeholders
  • Ability to work in a fast-paced environment with MDR and DFIR analysts
  • Ability to follow guidance to take non-traditional and creative approaches to solving problems and to adapt quickly as needed

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required by personnel so classified.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

EQUAL EMPLOYMENT OPPORTUNITY

We’re proud to be an equal opportunity employer and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.


