.Reverse Engineer / Malware Research Cyber Security Specialist
Select Precision - Global Bank - Frankfurt Am Main Area, Germany
Job Description
The Reverse Engineer/Malware Cyber Security Consultant is responsible to protect the IT-systems of the bank against all kind of threats from cyber attacks, internal fraud, and all kind of organized crime . The scope of this division is covering not only IT Infrastructure , but is including the application space. Here lies responsibility for Architecture and Operations as well as for the development and ownership of Common Security Solutions to be used by all of Global Technology.
The IT Security Specialist will be responsible for in depth analysis of IT threats against the Global bank who are one of the world's leading financial service providers.
This responsibility includes performing fast malware reversing analysis in order to bring hard technical facts during incident response phases, as well as longer term projects regarding penetration testing engagements on key assets.
The IT Security Specialist will have to work closely with a team of subject matter experts, from different areas. This can include Security Incident Management, Security Problem Management and Security Architecture teams, as well as groups outside the security space like Engineering or End-user Services. Hence the required excellent communication skills.
Tasks / Responsibilities:
- Design and perform external and internal penetration tests in order to expose potential vulnerabilities of key assets. Explain in a comprehensive manner the strategies and actions which lead to the compromise, as well as potential remediation and state of the art practices.
- Support Security Incident Management team on analysis and remediation of an active incident.
- Perform malware analysis (static and dynamic reverse engineering) from potentially compromised systems in support of incident analysis and response. Analyze network and application logs in coordination with malware analysis.
- Perform cyber threat counter intelligence by identifying intelligence sources, enhancing search methods for intelligence and communicating implications on cyber threats to technical and non-technical audiences.
The team are building a group within the so called IntelligenceTeam which aim is primarily to focus on technical aspect to enhance the bank's security.
We are in the process to build a lab to perform the following actions:
- Malware forensic and research
- Incident response regarding malcodes
- Assistance and internal technical consulting to other teams
- Vulndev and development of penetration testing scenarios
- Help in the selection and audit of security products
We search a self learning person, whom like to work with close groups on the inner details of technology.
This person also has to be able to present his research to the higher management, if the opportunity presents itself.
We look for strong penetration testing and reverse engineering skills, on different environments and if possible architectures.
Desired Skills & Experience
Experience | Exposure (Recommended):
- Excellent analytical skills to evaluate problem, root cause and resolution
- Experience in translation of very complex topics in clear and crisp messages/ visions
- Knowledge of market leader penetrating test tools such as Metasploit, Immunity Canvas or Core SDI IMPACT, of penetration testing methodologies like OSSTMM and experience in structuring a penetration test, identifying vulnerabilities and evaluate the impact of a potential exploitation on the targeted system. Driving exploitation while understanding and evaluating the risk.
- Knowledge of low level computer architecture ie low level system and network programming for Unix/Windows as well as basic administration skills of a Linux system, for network and virtualization
- Understanding and ability to explain the traditional vulnerability classes we can find in modern software, exploitation methods knowhow
- Experience in disassembling software in MS Windows environment
Knowledge of x86 and x86_64 assembly required, arm and/or mips would be a plus
Experience in forensic analysis using forensic tools (e.g., EnCase, FTK, or similar) background in cyber threat trends (preferred)
Knowledge of higher level languages such as C/C++, Java, VB and at least one scripting language such as Python or Ruby
Experience of software such as IDA for static analysis, scripting skills required and of at least one of the following debuggers: WinDBG, OllyDBG, ImmDbg
Knowledge of Windows kernel components would be a plus
At least basic knowledge of malware code packing, obfuscation and anti-debugging is required
Experience in forensic analysis using forensic tools (e.g., EnCase, FTK, or similar) background in cyber threat trends (preferred)
Strong teamplayer, fluent in English (written/verbal), well proven influencing skills in a multi-cultural and globally matrixed organizations is required
Education | Certification (Recommended)
- Masters Degree from an accredited college or university or equivalent
- CISSP (Certified Information Systems Security Professional) or equivalent
- CISA (Certified Information Systems Auditor) or equivalent
- Certified Ethical Hacker
Location: Frankfurt OR NYC - Visa status must be confirmed for suited location.
Corporate Title:VP
Company Description
The company is a leading global investment bank with strong private clients, offering unparalleled financial services throughout the world. A leader in Germany and Europe, NYC, the bank is continuously growing in North America, Asia and key emerging markets and is the most sought after and prestigious brand in the Financial Services and Banking industry. The firm attracts and retains some of the world's most talented employees in the industry, enhancing the strengths with further training development and career progression and succession planning.
Please contact sofy [at] selectprecision [dot] com to discuss further.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}