IBM X-Force Incident Response & Intelligence Services (IRIS) is looking for a Malware Reverse Engineering Manager. The Malware Reverse Engineering Team Manager will lead the IBM X-Force IRIS reverse engineering team in support of both the Incident Response and Intelligence Services mission roles of the IRIS team. This role requires a well-organized, highly-motivated RE that can manage tasks across the team while also conducting malware analysis tasks to support the IRIS team. The key task will be helping IRIS to develop a cohesive delivery platform for real-time, actionable data. Up to 10% travel is required for training, conferences, or client engagements.
The candidate will provide industry-leading threat intelligence services across several security domains in an exciting and growing security delivery organization within IBM. The manager will work with IBM Incident Response teams to triage cyber threat activity, cooperate across IBM Security’s proprietary telemetry to model threat activity (open source and from industry leading sources in IBM Security), and support analysts writing intelligence research on X-Force Exchange.
Required Technical and Professional Expertise
6-8 years of experience in malware reverse engineering or malware analyst, including experience conducting static and dynamic reverse engineering
Demonstrated experience using IDA tools (IDA Pro, IDA Python), malware sandboxes, manual unpacking tools (Olly, MWCP, kordessi), packet analyzers (such as WireShark)
Ability to develop signatures and rules for threat research to identify malware families and activities, specifically experience developing YARA and Snort/Suricata signatures
Demonstrated ability to present findings from malware analysis through written reports or oral briefings for dissemination to various technical audiences
Preferred Tech and Prof Experience
Ability to multi-task, lead a team of other REs and divide tasks among team members
Provide quality control of team output, identify and train team members on new analysis techniques or to improve analyst capabilities
Experience with analyzing and reversing cryptography in samples
Experience with network forensic analysis including signature and decoder development
Creating python scripts to parse data from various data structures to include malware configuration blocks, cryptographic key values, etc
Understanding of the concepts of pivot, pattern and trend analysis
Support incident response partners or managed security teams
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.