
Threat Researcher - Generic Detection

Budapest, HU, 1117

Sophos Labs

Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.


Threat Researcher – Generic detection


We have a fantastic opportunity here at SophosLabs for a Threat Researcher (Generic Detection) to join our global team of experts who deliver protection against Windows executable threats and applications.


The Generic Detection Team has members across the multiple locations that make up the global SophosLabs organization. You will work with local and remote security researchers across multiple teams to analyze, classify and create protection for malware, occasionally contributing to our customer response efforts within a local rotation.


The Role

As a member of the Generic Detection Team, you will leverage existing skills and learn new ones. You will use reverse engineering skills to develop new techniques for classifying and differentiating suspicious and clean files, and new methods for grouping and detecting executable threats and applications. You will employ unpacking and emulation methods to decrypt and deobfuscate packed code, allowing us to understand the hidden functionality. You will also contribute to research and data mining initiatives to discover new threats and opportunities to improve protection.


You will be passionate about threat detection and take a keen interest in emerging threats and the ways and means to protect organisations from the associated risks.


Some examples of investigations that the team has contributed to can be found below:


https://news.sophos.com/en-us/2020/02/25/how-i-learned-to-stop-worrying-and-love-grey-hat-tools/

https://news.sophos.com/en-us/2021/02/03/mtr-casebook-uncovering-a-backdoor-implant-in-a-solarwinds-orion-server/

https://news.sophos.com/en-us/2020/12/21/how-sunburst-malware-does-defense-evasion/

https://news.sophos.com/en-us/2020/09/24/email-delivered-modi-rat-attack-pastes-powershell-commands/


Requirements


You will need to have experience in the computer security field and be able to demonstrate reverse engineering skills, technical aptitude and innovation. The ability to think creatively is needed, as is the ability to combine deep technical knowledge with a tenacity for innovation and a can-do attitude to solve complex and challenging problems on a daily basis. As a customer-facing team, we recognize and appreciate those with a passion to provide the best protection and experience for our customers.


Key Responsibilities


Participate in or lead research efforts within a particular threat research area.

Conduct research and analysis of a variety of different malware families and threats.

Produce high-quality proactive protection against Windows malware and applications.

Identify opportunity for and contribute to articles and/or whitepapers on research.

Develop tools, workflow and/or systems improvements.


Experience And Skills


Reverse engineering using IDA Pro

Debugging using OllyDbg or WinDbg

Knowledge of Windows internals and kernel-level analysis

Solid expertise in a particular threat type or detection technology

Proven ability to prioritise and organise assigned tasks

Ability to work both independently and as part of a team

Good written and verbal communication skills

Bachelor's degree in a computer software discipline (or equivalent)


Desirable:


Contributing to published technical papers / whitepapers

Data mining experience

Knowledge of a scripting language, such as Python or Perl


In return we offer a competitive salary and benefits package and of course the opportunity to join a dynamic and progressive team.


Equal Opportunities & Privacy

Sophos is committed to equal opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation. If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.
