Malware Reverse Engineer Lead

  • Allstate,
  • Northbrook, IL
Analysis, Analyst, Android, Bash, CASE, CISSP, Cryptography, Database, Database Administration, DB2, Development, DNS, Genetic, Hardware, HTTP, IBM, IMS, iOS, Linux, Management, Modeling, NoSQL, Oracle, Perl, PowerShell, Programming, Protocols, Python, Research, Security, SMTP, SQL, SQL Server, TCP/IP, Testing, Unix, Video, VM, Windows, XML
Full Time
Work from home not available Travel not required

Job Description

Where good people build rewarding careers.

Think that working in the insurance field can-t be exciting, rewarding and challenging? Think again. You-ll help us reinvent protection and retirement to improve customers- lives. We-ll help you make an impact with our training and mentoring offerings. Here, you-ll have the opportunity to expand and apply your skills in ways you never thought possible. And you-ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

The Allstate Information Security (AIS) department is responsible for managing cyber security at Allstate. This includes Governance/Risk/Compliance, Access Management, Network Security, and Threat Response Services. The department is responsible for ensuring confidentiality, integrity, and availability of Allstate systems.

We are seeking an experienced Malware Analyst/Reverse Engineer to perform malware analysis and reverse engineering in support of incident response, investigative analysis, threat hunting, and research on existing and emerging cyber threats. The role will involve in-depth analysis of static and behavioral analysis of complex malicious code utilizing various tools, including disassemblers, debuggers, hex editors, un-packers, virtual machines, and network sniffers. The candidate will perform the functions of malware analyst/reverse engineer and serve as a liaison for Threat Services for the Global Fusion Center, and mentor and collaborate with the threat hunting, incident handling/response, and forensics teams.

Key Responsibilities

  • Use expertise in malware analysis/reverse engineering to evaluate and analyze complex malicious code.
  • Perform reverse-engineering for suspected or known malware files, determining the TTPs associated with the code.
  • Develop custom tools designed to automate analysis.
  • Perform research around malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions.
  • Produce detailed reports identifying attributes and functionality of malware, and IOCs that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques.
  • Assist in identifying (hunting) and profiling threat actors and TTPs.
  • Develop host and network based signatures to identify specific malware via heuristic and/or anomaly based detection methods.
  • Participate in formal technical briefing and proposals.
  • Perform as an Information Security SME in the several of the following areas:
    • Malicius code behavior
    • Threat Intelligence
    • Incident Respnse
    • Web Applicatin
    • Lg analysis (statistical modeling, correlation, pattern recognition, etc.)
    • Micrsoft platform (Server, workstation, applications)

Key Responsibilities (Cont'd)

  • Open Systems platfrms (Linux, UNIX, VM Ware ESX)
  • N etworking (firewalls, IDS/IPS, packet capture)
  • Databases (Oracle, SQL Server, DB2, IMS)
  • -and others.

  • Providing mentorship a nd support to teammates regarding malicious file analysis/behavior, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
  • Capable of identifying need & driving solutions, and providing guidance, in an autonomous manner.

Job Qualifications

  • Bachelors and/or Masters Degree in Engineering, Computers Science, or related field
  • 7+ years overall technical experience in either reverse engineering/malware analysis, threat intelligence, incident response, security operations, or related information security field.
  • 5+ years experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
  • 2+ years experience in penetration testing, ethical hacking, exploit writing, and vulnerability management
  • Advanced experience with reverse engineering tools like IDA Pro, Ghidra, OllyDbg, Windbg, and Wireshark.
  • Strong knowledge of Python scripting to automate analysis and reverse engineering tasks.
  • Ability to reverse engineer binaries of various types including: x86, x64, C, C++, and .NET.
  • Deep understanding of x86, ARM, and x64 architectures.
  • Strong understanding of Windows Operating System Internals, Windows APIs, and writing and analyzing DLLs.
  • Strong experience with programming languages (Python, Bash, PowerShell, Perl, C/C++).
  • Recent experience developing custom software and hardware tools to assist in performing reverse engineering and vulnerability analysis.
  • Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.

Job Qualifications (Cont'd)

  • Advanced experience with security operations tools, including but not limited to:
    • SIEM (e.g. Splunk, ArcSight)
    • Indicatr management (e.g. ThreatConnect)
    • Link/relatinship analysis (e.g. Maltego, IBM i2 Analyst Notebook)
    • Signature develpment/management (e.g. Snort rules, Yara rules)
    • Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
    • Excellent analytical and problem solving skills, a passion for research and puzzle-solving.
    • Expert understanding of large, complex corporate network environments.
    • Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations.
    • Good organization and documentation skills.
    • Leadership and mentorship skills.

Preferred Competencies

  • At least hobbyist experience in -maker-/hardware hacking, e.g. Raspberry Pi, Arduino, etc.
  • Familiarity with Linux OS and mobile iOS/Android forensics.
  • Experience in cryptography or cryptanalysis.
  • Experience with incident response workflow (or other case management -ticketing-) tools such as RSA Archer, ServiceNow, Remedy, JIRA, Resilient, Best Practical Request Tracker, etc.
  • Obtained certifications in several of the following: SANS GIAC courses, GREM, CEH, CISSP, OSCP, or tool-specific certifications

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands-.

As a Fortune 100 company and industry leader, we provide a competitive salary - but that-s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you-ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter , Facebook , Instagram and LinkedIn or watch a video .

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the Company-s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee-s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race, religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment

Dice Id : appblok
Position Id : 2676_123209-en_US
Have a Job? Post it

Similar Positions

QRadar Specialist - REMOTE
  • Oscar Associates Americas LLC
  • Remote; Any Location In The U.s., IL
Senior Security Engineer
  • Request Technology, LLC
  • Schaumburg, Illinois
Business Security Protection Engineer
  • ALTEK Information Technology, Inc
  • Chicago, IL
PaloAlto Engineer
  • Wipro Ltd.
  • Chicago, IL
Senior Security Engineer
  • The LaSalle Network
  • Lake Forest, IL
Security Engineer
  • C F Industries
  • Deerfield, IL
Palo Alto Firewall Engineer
  • Apex Systems, Inc
  • Milwaukee, WI
POS Tester
  • cyberThink, Inc.
  • Indianapolis, IN
Midlvel CyberArk Admin Engineer
  • Smart Caliber Technology
  • St. Louis, MO
Sr. Security Engineer
  • Harmer Consultants, Inc.
  • Chicago, IL
EUC engineer
  • Interactive Business Systems
  • Chicago, IL
IT Security Engineer
  • Robert Half Technology
  • Fitchburg, WI