
AT&T
Bedminster, New Jersey
Primary Responsibility:
The candidate will work as a Principal Malware Analyst on the Threat Fusion Team, as part of the AT&T Chief Security Office Threat Analytics Program. They will be required to apply deep technical expertise to analyze and investigate cyber threats and to facilitate the exchange of threat information between internal and external teams to protect AT&T across its products, services, infrastructure, networks, and/or applications, while providing protection for its customers and its vendors/partners. They will work with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. The role includes analysis of complex security issues and the development and engineering activities needed to help mitigate detected risks. It also includes forward-looking research, planning and strategy to strengthen our stance against future cyber security threats and to enhance our mitigation techniques and technology solutions.
The Threat Fusion Analyst will:
- Use advanced analysis techniques and collaborate with various multi-disciplinary teams to exchange threat information to protect AT&T employees and customers from cyber threats.
- Stay up to date on the latest cyber security news. Monitor ongoing security events and incidents to identify cyber security threats that need closer attention and investigation.
- Collect, organize and analyze threat information from multiple sources and apply it to security monitoring elements.
- Analyze and reverse engineer malware to identify new ways of tracking cyber threats.
- Analyze network traffic to detect suspicious and malicious patterns and identify new ways of tracking cyber threats.
- Use existing processes and frameworks to track cyber threats. Prototype new monitoring strategies and make recommendations on response process improvements.
- Work with the Algorithm Development and Response Engineering teams to implement and refine algorithm prototypes and implement process improvements.
- Provide malware and network analysis support for investigations.
- Research a variety of cyber threats and devise and prototype strategies for detecting, tracking, and preventing them.
Education:
Preferred: bachelor's degree in Information Systems, Engineering, Mathematics or Cyber Security, or equivalent experience.
Experience:
Typically requires 8-10 years’ experience. Technical Career Pathway (TCP) role.
Supervisory: No.
The candidate will possess:
- Deep knowledge of multiple programming languages and a strong command of a scripting language such as Python.
- Strong technical ability to use, configure, and troubleshoot Windows and Linux systems.
- Strong technical ability to use and modify existing custom tools.
- Deep technical understanding of Cryptography, Forensics, and Cyber Security principles.
- Strong technical understanding of Enterprise Architecture and common Security Solutions.
- Deep technical understanding and experience analyzing malware, reverse engineering, and investigating network anomalies.
- Strong work ethic, leadership, time management and organizational skills with a track record of executing deliverables and commitments on time.
- Strong ability to work in diverse and geographically distributed teams.
- Strong ability to communicate complex information, concepts, and ideas in a confident, concise and well-organized manner through verbal, written, and/or visual means.
Minimum Requirements:
- 2 or more years of technical experience in the Information Security field.
- At least one relevant security certification is preferred, such as but not limited to: CISSP, CEH, GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.
- Experience reviewing and writing cyber threat intelligence reports.
- Experience triaging cyber threat indicators and information about adversary tactics, tools, and techniques to discover new indicators and malware variants.
- Experience using Log Analysis and SIEM tools to create rules, alerts, and dashboards to find malware.
- Experience analyzing netflow and packet capture data to uncover suspicious activity.
- Experience creating and modifying SNORT rules.
- Deep technical knowledge of computer networking, protocols, and security concepts.
- Deep technical knowledge of common network and host protection elements and security appliances, such as but not limited to: Firewall, IDS, Proxy, EDR, AV.
- Experience with a variety of programming languages, such as but not limited to Python, Perl, Go, Java, C, C++.
- Experience reviewing and modifying existing scripts as well as creating new scripts to automate manual processes.
- Deep technical knowledge of malware analysis methods.
- Experience reverse-engineering, debugging, and triaging malware samples.
- Experience creating and modifying YARA rules.
- Familiarity with and strong understanding of common cyber-attack stages and frameworks, e.g. the Cyber Kill Chain, ATT&CK, etc.
- Strong interpersonal skills. The ability to work with a diverse and geographically distributed team in a dynamic environment. The ability to stay focused and organized with a strong track record of meeting deliverables. Often goes above and beyond to exceed expectations.
The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business needs.