Job Description

SUMMARY
The Threat Researcher is a self-starting and motivated analyst on Arete's Cyber Threat Research team, primarily focused on countermeasure development, threat hunting and profiling, malware analysis, cyber threat research, and tracking known adversaries and emerging threats. The position contributes to the research and publication of threat insights, internal work products, and intelligence products to be used by Arete's customers and stakeholders. A successful threat research and detection engineer thrives on learning the technical aspects of the tactics, techniques, and procedures leveraged by threat actors and finding solutions to challenging problems. You will play a critical role in developing and maintaining high-fidelity detections contributing to Arete's MSS and DFIR services and collaborating with cross-functional teams to stay ahead of emerging threats. Work may occasionally include after-hours support during major engagements.
ROLES & RESPONSIBILITIESDevelops countermeasures, tools, and methods of detection used for threat hunting and incident response activities to detect, respond, and remediate cyber threats Performs threat hunting in Endpoint Detection & Response (EDR) telemetry data Conducts analysis of malware, threat actor Tactics, Techniques, and Procedures (TTPs), and attack chains to inform detection strategies Identifies cyber threats, trends, and new malware families and threat actor groups, researching various sources that include Arete's case reports, DFIR & MDR SOC escalations, automated malware analysis sandbox submissions, raw and open-source intelligence Collaborates with Threat Intelligence, DFIR, MDR, and SOC teams to ensure detection coverage aligns with real-world threats Creates compelling internal reports and presentations from analysis results Informs various business units within Arete about new threat actor TTPs Uncovers adversary activity not detected by current detection mechanisms Identifies intelligence and technology gaps Contributes to the development and enhancement of threat detection tools, technologies, and processes to improve automation, data analysis, intelligence sharing, and service offerings Conducts briefings for stakeholders to inform them of relevant findings Provides tactical research and analysis support for MDR, DFIR, and SOC business units Assists with creating detailed process documentation of analysis workflows to help maintain and update our Standard Operating Procedures for continuous process improvement Participate in weekend handler-on-duty rotations May perform other duties as assigned by management

SKILLS AND KNOWLEDGEMotivated self-starter with a passion for EDR countermeasure development, detection engineering, malware analysis and cyber threat research Knowledge of Endpoint Detection and Response technology, threat hunting, automated malware analysis sandbox systems, and countermeasure development (e.g., SentinelOne) Knowledge of various tools and techniques used by cybercrime threat actors, and desire to extend knowledge of threat actor TTPs Ability to analyze, or use an automated system, and identify key indicators of malicious activity for various file types such as Portable executables, Visual Basic scripts, Java scripts, PowerShell scripts, Malicious documents, Webshells, and Shellcode Knowledge of obfuscation algorithms and de-obfuscating data Ability to produce high-quality finished work products within short deadlines Ability to work remotely under a minimal supervision environment, maintaining high-quality analytical production and excellent relationships with stakeholders Ability to manage relationships with stakeholders Adaptable and willing to learn new technologies

JOB REQUIREMENTSBachelor's degree with a minimum of 5 years of experience related to the job role or Master's degree in Cybersecurity, Engineering, Computer Science, Information Assurance, or related field with a minimum of 3 years of experience related to the job role Experience writing EDR countermeasures, Yara rules, and Regular Expressions Experience with malware analysis and threat profiling, preferably cybercrime threats like ransomware and ransomware precursors Experience with network traffic, memory, and log analysis Experience with automated malware analysis systems and identifying key indicators of compromise Excellent written and verbal communication skills, with the ability to present technical information to both technical and non-technical stakeholders Ability to work in a fast-paced environment with MDR and DFIR analysts Ability to follow guidance to take non-traditional and creative approaches to solving problems, and have the ability to quickly adapt as needed

DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required by personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete's salary and benefit policy.

DECLARATION
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.



When you join Arete...



You'll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we're about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.



Equal Employment Opportunity



We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.

About Us


Arete Incident Response is an elite team of the world's leading cybersecurity and digital forensics experts who combat today's sophisticated cyberattacks. We work tirelessly to provide unparalleled capabilities and solutions throughout the entire cyber incident life cycle. These include incident response readiness assessments and penetration tests as well as post-incident response, remediation, containment, and eradication services.
We work in close collaboration with industry leaders and government agencies along with leading cybersecurity technology platforms to deliver an innovative, intelligence-based approach to solving our client's toughest challenges.
If you want to work with the most talented and experienced people in the industry with the desire to be a cyber hunter and industry expert, we want you to be a part of our team.