Hello all,

I am posting a position for one of my teams. Just to clear up some likely questions:
        
1. The position is in Calgary, Alberta, Canada and is open to North American or EU residents only.
        
2. Re-lo money is available for strong candidates. Please read the requirements as they are hard and fast and I will not be able to review applicants without the requirements.
        
3. I will not be using an outside recruiter for this position.
        
Please send your resumes direct to me, I prefer plain text format. I really prefer plain text format. A description of the role follows:
        
Symantec Incident Analysts provide the security intelligence behind the DeepSight Threat Management System. Using an array of tools and their own security experience, they analyze, document and correlate a range of global security incidents, attacker behaviors and malicious code.
        
Incident Analysts get access to the most sophisticated and real-time global monitoring tools available. This system has been used to discover numerous worms, allowing us to warn users and offer an analysis of the worm's behavior before other companies even noticed the threat. With the TMS system, anomalies in global network behavior are detected and marked automatically, providing this team with the most up-to-the-minute snapshot of the worldwide security environment. It is then this team's job to find the story behind the numbers, and translate raw data into usable, actionable information for our customers.
        
In addition, Incident Analysts have access to one of the largest commercially deployed live honeynets. This system has been proven to be successful in obtaining binaries of previously unknown malicious code, allowing the IA team to reverse engineer these samples and be the first group to get detailed analysis to the public.
        
The Incident Analyst position is best suited to individuals with a keen interest in computer security, or in network forensics, excellent problem-solving skills, and the ability and desire to be part of a fast-moving, dedicated team in a dynamic and fast-paced environment.
        
An Incident Analyst's duties include:
        
Signatures
----------
        
Analysis of vulnerabilities and malware including their associated exploits, and network behavior. The vulnerability, exploit or malware is explored sufficiently to understand the core security implication and create an IDS signature centered around the threat.
        
 Threat Analysis Reporting                                                             
        
 -------------------------                                                             
        
                                                                                       
        
Binary and forensic analysis of malware to detail new threats and capabilities found in undocumented malware. Analysis of new trends in the development or deployment of malware.
        
Binary and forensic analysis of malware that is propagating aggressively. Detail new threats to TMS customers in an aggressive time span. These threats include: new forms of malware, aggressive worms, new exploits or evidence of active exploitation. Create formalized summary documents of the security issues that have surfaced in our global attack database.
        
Correlation
-----------
        
Work on correlation tables between attacks and IDS/firewall events. This involves research into IDS and firewall technologies for the purpose of determining which IDS and firewall alerts from different systems are associated with a specific attack.
        
Technical Skills Required (and when we say required - it's required)
--------------------------------------------------------------------
        
- Strong understanding and previous experience with NIDS
- Strong understanding and previous experience with x86 programming
- Strong understanding of IDA and/or related tools.
- Strong understanding of network protocols and programming.
- Strong writing skills.
        
Soft Skills Required
--------------------
        
- Must be a strong team player and be self-motivated. This position is on a well-established team devoid of rock star attitudes and I'd like to keep it that way.
        
- Must be a self-starter. This position requires someone who is able to consistently perform without being whipped into action.
        
- Must be able to communicate issues clearly under stress and must be able to deal with a high-stress environment.
