Hey all,
I am posting a position for one of my teams. Just to clear up some likely questions: 1. The position is in Dublin, Ireland and is open to EU residents only. Strong preference is given to Irish candidates. 2. Re-lo money is unlikely unless you are a very strong candidate. 3. I will not be using an outside recruiter for this position. Please send your resumes direct to me, I prefer plain text format. I really prefer plain text format. A description of the role follows: Symantec Incident Analysts provide the security intelligence behind the DeepSight Threat Management System. Using an array of tools and their own security experience, they analyze, document and correlate a range of global security incidents, attacker behaviors and malicious code. Incident Analysts get access to the most sophisticated and real time global monitoring tools available. This system has been used to discover numerous worms, allowing us to warn users and offer an analysis of the worms behavior before other companies even noticed the threat. With the TMS system, anomalies in global network behavior are detected and marked automatically, providing this team with the most up to the minute snapshot of the worldwide security environment. It is then this teams job to find the story behind the numbers, and translate raw data into usable, actionable information for our customers. In addition, Incident Analysts have access to one of the largest commercially deployed live honeynets. This system has been proven to be successful in obtaining binaries of previously unknown malicious code, allowing the IA team to reverse engineer these samples and be the first group to get detailed analysis to the public. The Incident Analyst position is best suited to individuals with a keen interest in computer security, or in network forensics, excellent problem solving skills, and the ability and desire to be part of a fast-moving, dedicated team in a dynamic and fast-paced environment. An Incident Analysts duties include: Signatures ---------- Analysis of vulnerabilities and malware including their associated exploits, and network behavior. The vulnerability, exploit or malware is explored sufficiently to understand the core security implication and create an IDS signature centered around the threat. Threat Analysis Reporting ------------------------- Binary and forensic analysis of malware to detail new threats and capabilities found in undocumented malware. Analysis of new trends in the development or deployment of malware. Binary and forensic analysis of malware that is propagating aggressively Detail new threats to TMS customers in an aggressive time span. These threats include; new forms of malware, aggressive worms, new exploits or evidence of active exploitation. Create a formalized summary documents of the security issues that have surfaced in our global attack database. Correlation ----------- Work on correlation tables between attacks and IDS/firewall event. This involves research into IDS and firewall technologies for the purpose of determining which IDS and firewall alerts from different systems are associated with a specific attack. Technical Skills Required (and when we say required - it's required) ---------------------------------------------------------- - Strong understanding and previous experience with NIDS - Strong understanding and previous experience with X86 programming - Strong understanding of IDA and or related like tools. - Strong understanding of network protocols and programming. - Strong writing skills. Soft Skills Required -------------------- - Must be a strong team player and be self motivated. This position is on a well established team devoid of rock star attitudes and I'd like to keep it that way. - Must be a self starter. This position requires someone who is able to consistently perform without being whipped into action. - Must be able to communicate issues clearly under stress and must be able to deal with a high stress environment.
