Location

Remote, United Kingdom

Salary

Excellent Base Salary and Benefits

Job Type

Full-time

Date Posted

March 10th, 2023


Senior Malware Security Researcher at Glasswall


Job Summary

 

We are looking for an experienced Security Researcher with a focus on malware, YARA, and indicators of compromise (IOCs). The successful candidate will be responsible for conducting in-depth analysis of malware samples, developing and refining detection methods using YARA rules, and identifying and developing IOCs to support threat hunting and incident response activities. The role requires strong research and analysis skills, including an understanding of malware analysis, reverse engineering, defence evasion techniques, and engineering detection capabilities. The role involves writing software tools for internal use, using a variety of scripting or programming languages. The security researcher will work closely with data intelligence analysts to apply machine learning that uses the results of CDR processing of a file to predict the existence of malicious code. The role will help demonstrate and prove CDR's efficacy in preventing malware from crossing a trust boundary, and will also widen the commercial offering of Glasswall by helping to identify malware analysis as a service to aggregators of threat information.

 

About Us

We didn't start out as a traditional security product. In the beginning, Glasswall was one of only two file sanitisation filters in the US Intelligence Community's highly classified networks. We are rated #1 by the National Security Agency. We designed Glasswall CDR to protect businesses against the most advanced file-based threats. Today, we're trusted by commercial and government organisations around the world.

 

Inclusion

At Glasswall, we believe that diversity of people and thought are central to our purpose. We are committed to making Glasswall a company attractive to people of many different backgrounds. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce. 

One of our corporate objectives is to ensure that our employees highly rate the organisational health of the firm. We believe this is only possible if we promote a culture of inclusion and respect across our business. Each quarter we survey employees on a range of questions relating to our organisational health. This holds a mirror up to the business and ensures we can focus on where we need to improve.

We have an Organisational Health Committee chaired by a non-executive position. The panel has been formed to guide the leadership in taking positive action that supports a good work-life balance and family-friendly relations, and that makes the company inviting to a diverse range of potential employees.

We also have a Women in Technology Group formed to promote balance in how we communicate with, promote, encourage, and support people across our business. 

 

Role Responsibilities

  • Conduct in-depth analysis of malware samples to determine their functionality, intent, and potential impact on systems and networks.
  • Proactively research new malware using hunting capabilities on malware repository services such as VirusTotal.
  • Keep up to date with the latest threat actor techniques and other cybersecurity topics that are relevant to businesses defending computers and networks from intrusions.
  • Develop and refine detection methods using YARA rules to identify and classify malware threats and use machine learning algorithms to assist in identifying malicious files.
  • Identify and develop IOCs to support threat hunting and incident response activities, including using output from content disarm and reconstruction (CDR) analysis to help identify potential indicators of compromise.
  • Use reverse engineering techniques to analyse and understand malware behaviour, develop countermeasures to protect systems and networks and to detail how CDR disrupts malware expression in files.
  • Monitor security-related forums, blogs, and other sources of information to identify new malware and potential attack vectors.
  • Conduct research into the support of new file types by the CDR engine – by articulating considerations around the file specification, inspection and sanitization guidance and threat models that will guide CDR camera creation.
  • Provide guidance into thwarting covert channels for data hiding and steganography approaches that may otherwise allow unauthorized data loss across a trust boundary
  • Collaborate with internal teams to develop and implement security controls and procedures to protect client systems and networks.
  • Communicate findings and recommendations to technical and non-technical stakeholders.
  • Assist Product Management with the commercial exploitation of CDR telemetry, which will likely be useful in identifying malware classes.

Requirements

  • Experience using machine learning algorithms to analyse large datasets of malware.
  • Interest in using content disarm and reconstruction (CDR) analysis to identify potential YARA rules
  • Excellent written and verbal communication skills.
  • Ability to work independently and in a team environment.
  • Technical understanding of malware analysis techniques and ability to correctly interpret results of malware reverse engineering as it practically applies to threat-hunting tasks
  • Experience reverse-engineering malware (can be professional or student experience)
  • Programming and scripting experience to develop internal tools
  • Experience analysing obfuscated scripts (e.g., PowerShell, VBA, JavaScript, .Net, etc.)
  • Superior research and technical analysis skills
  • Understanding of cybersecurity topics and ability to explain them to others clearly
  • Proven record of accomplishment of independently managing multiple research projects – Accountability, personal initiative, and integrity
  • Ability to take ownership, set priorities, multi-task and meet tight deadlines
  • Well-developed problem-solving and interpersonal skills
  • Excellent organisational skills with acute attention to detail
  • Performs any other essential function that may occur as directed

Beneficial knowledge and experience

  • Bachelor's or master's degree in computer science with an emphasis on Security
  • Relevant industry certifications (e.g., CISSP, GIAC, CISA).
  • Experience with network forensics and/or digital forensics.
  • Experience defeating packers/crypters to unpack malware samples for analysis
  • Digital forensics and incident response experience
  • Practical cryptography experience: applying existing modules and cryptographic libraries to encrypt and decrypt data
  • Experience researching emerging threats and attack vectors being exploited in the wild

Work/Life Balance

Our team puts a high value on work-life balance. It isn't about how many hours you spend at home or work; it's about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfilment. We offer flexible working hours and encourage you to find your own balance between your work and personal lives.

Salary and Benefits

  • Glasswall offers a competitive salary and incentives package.
  • We offer flexible and remote working options, with hybrid working from our office in the Greater London area.
  • Office travel and incidental WFH expense coverage.
  • 25 days holiday (plus public holidays).
  • Private Medical Insurance, including mental health support and cancer care.
  • Enhanced sick pay.
  • Company sponsored life, critical illness and income protection insurance.
  • Contributory pension scheme.
  • Access to 'salary sacrifice' benefits such as Cycle to Work and Tech Schemes.

A successful candidate will live in the United Kingdom and be comfortable working from home, with some meetings being held in the London office.

We encourage you to apply even if your experience is not a 100% match with the position. We are looking for someone with relevant skills and experience, not a checklist that exactly matches the job description. We want to help you grow, and in return, you help us grow into a stronger, more inclusive organisation.

Glasswall is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, disability, age, or other legally protected status. 

 

Application process

Interested candidates can email [email protected] or visit http://careers.glasswall.com/ to apply.








 

 

 

This job has now closed
