Sandia National Laboratories R&D Reverse Engineer (Early/Mid-Career) in Albuquerque, New Mexico
We are seeking full-time cyber security reverse engineers to conduct malware analysis and develop tools to further the state-of-the-art in reverse engineering. Successful candidates will be independent, critical thinkers skilled in using data to solve analytic problems and adept in conducting cyber incident response under tight deadlines.
On any given day, you may be called on to:
- Provide subject matter expertise in the detection, analysis and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities;
- Support the maintenance of malware analysis platforms and toolsets, identify requirements for new malware analysis capabilities, and contribute to the development of new malware analysis tools and techniques;
- Analyze malware, extracting relevant host and network based indicators;
- Identify capability of malware and any anchor functions that can be utilized to discover additional activity;
- Identify notable findings of intelligence value;
- Maintain and expand knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers; forensics and incident response;
- Identify and hunt for related TTPs across all internal/external repositories;
- Correlate collected intelligence, in order to build upon a larger knowledge base of tracked threat activity;
- Produce reports detailing attributes and functionality of malware, including indicators that can be used for malware identification/detection, the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors;
- Communicate and collaborate with technical staff supporting all enterprise cyber security functions;
- Contribute to the development of strategies and architectures for Sandia’s secure cyber environments.
- Bachelor’s degree in Computer Science/Engineering, Computer Information Systems, Computer Forensics, Mathematics, or a related field plus four years of experience; or Master’s degree in Computer Science/Engineering, Computer Information Systems, Computer Forensics, Mathematics, or a related field; or PhD in relevant discipline
- Basic programming and scripting skills (such as .NET, Java, Python);
- Experience with security solutions and technologies, including Windows, Mac, and Linux network architecture/implementation/configuration;
- Experience with dynamic and static analysis and tools such as IDA Pro and OllyDbg;
- Existing DOE Q clearance;
- Graduate degree in Computer Science/Engineering, Computer Information Systems, Computer Forensics, Mathematics, or a related field;
- Malware analysis/reverse engineering/cyber security experience highly desired;
- Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner;
- Familiarity with Kill Chain for incident response;
- Familiarity with security technologies such as IDS, IPS, and HBSS.
- Strong oral and written communication skills, ability to explain complex ideas clearly and concisely;
- Familiarity with analyzing disassembly of x86 and x64 binaries;
- Ability to make decisions on remediation and counter-measures for challenging information security threats;
- Knowledge of advanced computer exploitation methodologies, two or more analysis tools used in a CSIRT or similar investigative environment, such as EnCase Enterprise or AccessData Forensic Toolkit and demonstrated ability to articulate the processes being conducted by these tools;
- Ability to conduct analysis of electronic media, network traffic and packet capture, log data, and network devices in support of intrusion analysis or enterprise level information security activities, understand data flows and identify anomalous behavior;
- Knowledge of packet flow/TCP/UDP traffic, firewall technologies, proxy technologies, anti-virus, spam and spyware solutions
Sandia’s Cyber Security Program is responsible for the protection of Sandia’s electronic information while enabling mission work. Our Cyber Security responsibilities include technology research and development of next generation cyber systems and technologies; including, but not limited to areas such as encryption, authentication and authorization methodologies, intrusion detection, vulnerability assessment, penetration testing, forensics, reverse engineering, incident response, and remediation. Further, we conduct data acquisition in support of corporate electronic discovery requirements related to litigation and investigation of waste, fraud, and abuse. Sandia prides itself on providing cyber security leadership across the NNSA and DOE complex. We operate in a fast-paced environment against sophisticated, focused adversaries and enjoy the Labs’ support in the execution of our mission.
Sandia National Laboratories is the nation’s premier science and engineering lab for national security and technology innovation, with teams of specialists focused on cutting-edge work in a broad array of areas. Some of the main reasons we love our jobs:
- Challenging work with amazing impact that contributes to security, peace, and freedom worldwide
- Extraordinary co-workers
- Some of the best tools, equipment, and research facilities in the world
- Career advancement and enrichment opportunities
- Flexible schedules, generous vacations, strong medical and other benefits, competitive 401k, learning opportunities, relocation assistance and amenities aimed at creating a solid work/life balance*
World-changing technologies. Life-changing careers. Learn more about Sandia at: http://www.sandia.gov
*These benefits vary by job classification.
Position requires a Department of Energy (DOE) granted Q-level security clearance.
Sandia is required by DOE directive to conduct pre-employment drug testing and a pre-employment background review that includes personal reference checks, law enforcement record and credit checks, and employment and education verifications. Applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship.
Applicants offered employment with Sandia are subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by the DOE, rendering the inability to perform the duties assigned and resulting in termination of employment.
Equal opportunity employer/Disability/Vet/GLBT