Malware Reverse Engineer

You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you’ll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
The X-Force Threat Intelligence team (XFTI) offers expert malware and threat analysis to IBM customers worldwide. Our analysts respond to advanced cyber threats and provide cutting-edge research to deliver actionable threat intelligence to help organizations protect themselves against emerging threats and reduce their attack service.

As a Malware Reverse Engineer you’ll completely reverse engineer malicious software write detailed reports on command functionality malware communications and encryption mechanisms and develop targeted python scripts to support identification and automation efforts.

• Provides expert technical analytical support and advanced malware analysis support to the X-Force Threat Intel and Incident Response teams.
• Provides industry-leading malware analysis for advanced cyber threat incidents and research support across several security domains in an exciting and growing security delivery organization within IBM.
• Will work with IBM X-Force Incident Response teams to triage cyber threat activity cooperate across IBM proprietary telemetry to model threats and support analysts writing intelligence research.
• Proactively searching for indicators of compromise (IOCs) performing in-depth analysis of incident data and contributing to incident response efforts by providing actionable insights and recommendations in a timely fashion.

Required Technical and Professional Expertise

• Minimum 5 years of experience in malware reverse engineering and in-depth knowledge and experience in advanced malware analysis techniques. This includes proficiency in unpacking packed or obfuscated malware understanding rootkit functionality analyzing complex exploit chains and dissecting sophisticated evasion mechanisms. The reverse engineer should be capable of reading understanding and analyzing highly complex and optimized assembly code.
• Proficiency with coding in a high-level programming language (C C++ Python etc…) to support analysis work or to parse data from various data structures to include malware configuration blocks cryptographic key values etc…
• Experience with debugging and disassembling tools such as IDA Pro x64dbg Windbg GDB to inspect and analyze malware binaries. Familiarity with debugging techniques breakpoints and runtime analysis for dynamic malware analysis.
• S trong understanding of assembly language (x86/x64/ARM). Ability to read and comprehend low-level code to decipher the behavior of malware and identify potential vulnerabilities or exploits.
• Ability to develop signatures and rules for threat research to identify malware families and activities such as YARA network or behavioral signatures

Preferred Technical and Professional Expertise

• Ability to work independently and as part of a team to conduct malware analysis in support of technical incident response and/or threat hunting and research
• Demonstrated ability to present findings from malware analysis through written reports or oral briefings for dissemination to various technical audiences
• Ability to analyze a wide range of malware file types such as ELF and MacOS binaries.
• Capable of analyzing any given artifacts such as files logs network packets registry hives and memory dumps.
• Experience with analyzing malicious documents and understanding associated exploit techniques
• Strong working knowledge in Operating Systems (Windows MAC Linux) and processor architectures (x86 x64 ARM etc.)
• Experience supporting incident response partners managed security or threat intelligence teams.