Job Description

1. Perform hands-on red teaming simulation, application security penetration testing and help design and improve the security testing artifacts and process for all aspect of development (agile, normal, emergency, etc.)
2. Create patterns and document malware analysis samples, document vulnerabilities and exploits used while analyzing a malware.
3. Assess, Analyze, evaluate, and document malicious code behavior across the environment (including telco and IT).
4. Identify commonalities and differences between malware samples from various incidents, for purposes of grouping or classifying for attribution purposes (countries, patters, etc.)
5. Researching on Vulnerabilities, exploits, zero-day Malware and then providing early alerts to Security Engineering team along with mitigation strategy for new types of behaviors.
6. Impart training to internal team members (including cross functional teams – development, products, etc.) on Reverse Engineering.
7. Lead the research of new technology exposure with change to current security threat landscape. Researches and stays abreast of industry trends, emerging threats, best practices, and emerging techniques to creatively discover and exploit vulnerabilities, and recommend security solutions for technology systems.
8. Act as an SME to Fraud and revenue assurance team in identifying and simulating cases of digital fraud and potential revenue losses caused via digital channels.
9. Develop tools to identify a 0-day malware based on various characteristics of a file format.
10. Contributes in preparing budgets for the solutions and provide inputs for the yearly organization budgets business plan
11. Protect company assets by helping to develop security strategies; directing system control development and access management, monitoring, control, and evaluation. Perform other duties as assigned.

Job Requirements

• Experience working with Ida Pro and similar tools. 
• Certified Information Systems Security Professional (CISSP) or GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH) 
• GIAC Reverse Engineering Malware (GREM) 
• Certified as GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH) – would be added advantage 

• At least 5 years in Malware analysis / reverse engineering.

Additional Info