Threat researcher

Posted: May 11, 2021, 10:31 a.m. - Full Time - Ahmedabad

Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.

Job Purpose

SophosLabs is recruiting an Intermediate Threat Researcher to join our Generic Detection Team - the global team of highly skilled security experts that deliver protection against Windows executable threats and applications.

As a member of the Generic Detection Team, you will leverage existing skills and learn new ones. You will use reverse engineering skills to develop new techniques for classifying and differentiating suspicious and clean files, and new methods for grouping and detecting executable threats and applications. You will employ unpacking and emulation methods to decrypt and deobfuscate packed code, allowing us to understand the hidden functionality. You will also contribute to research and data mining initiatives to discover new threats and opportunities to improve protection.

The Generic Detection Team has members across the multiple locations that make up the global SophosLabs organization. You will work with local and remote security researchers across multiple teams to analyze, classify and create protection for malware, occasionally contributing to our customer response efforts within a local rotation.

Main Duties:

  • Participate in or lead research efforts within a particular threat research area
  • Conduct research and analysis of a variety of different malware families and threats
  • Produce high-quality proactive protection against Windows malware and applications
  • Identify opportunities for and contribute to articles and/or whitepapers on research
  • Develop tools, workflow and/or systems improvements

Essential:

  • 1-3 years in computer security field
  • Reverse engineering using IDA Pro
  • Solid expertise in particular threat type or detection technology
  • Proven ability to prioritise and organise assigned tasks
  • Ability to work both independently and as part of a team
  • Good written and verbal communication skills
  • Bachelor's degree in Computer Software (or equivalent)

Desirable:

  • Debugging using OllyDbg or WinDbg
  • Knowledge of Windows internals and kernel-level analysis
  • Published technical articles / whitepapers
  • Data mining experience
  • Knowledge of a scripting language, such as Python or Perl