Threat Intelligence Researcher

eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $6 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. eSentire has been recognized in Deloitte’s Technology Fast 50™  and Fast 500™, Canada’s Top Small and Medium Employers, and Gartner’s Market Guide for Managed Detection and Response. For more information, visit www.eSentire.com and follow @eSentire.

eSentire is looking for highly capable individuals to be part of a best-in-class cyber threat intelligence team. eSentire is a recognized industry leader and one of Canada’s Fastest-Growing Tech company. We work in a collaborative and innovative work environment with brilliant and passionate people who strive and encourage others to do their best. Join us to gain rewarding and developing career experience with the ability to grow and make an impact from your work. 

 

THE OPPORTUNITY

 

The successful candidate will report to the Manager of Threat Intelligence and have primary responsibility for delivery of dynamic and static malware analysis services, as well as research into emerging threats/attack techniques. By working collaboratively with the team, you will produce new detection rules and written technical analytical assessments with the outcome of improved abilities to disrupt cybercrime. This is a technical, hands-on role, for a person who enjoys solving complex problems. Along with strong intrusion detection acumen and keen technical skills, a successful candidate should be methodical and apply creative thinking, with the capacity to push conventional boundaries, aiming to deliver state-of-the-art cybersecurity protection services.

 

RESPONSIBILITIES

 

  • Apply expert-level knowledge to analyze and reverse-engineer malware and exploits using both static and dynamic tools and techniques to develop methods of tracking and detecting criminal activity on the internet.
  • Produce high-quality tactical level intelligence analysis of cyber threats and actors in support of the team objectives as well as overall cyber security and network defense operations.
  • Provide detailed findings in technical reports with details of the malware, unique identification parameters, and the relationship between a given sample of malware and other known samples/families of malware, or incidents.
  • Develop new rules, deliver timely and actionable recommendations, and take all necessary actions to improve the detection, escalation, and containment of cyber security incidents, ensuring that relevant stakeholders are well educated and equipped on addressing breaking to security issues.
  • Assist in identification and integration of new collection sources with our Threat Intelligence Platform.
  • The manager will assign other duties if required.

Time allocation

  • 40% – Intelligence Processing and Reporting
  • 40% - Threat Intelligence Escalations
  • 20% - Intelligence Dissemination

REQUIREMENTS

 

  • Minimum of 3 years of threat research experience or an analytic role of either intrusion detection or network forensics analyst or consultant.
  • Experience in performing security incidents detection and handling in an operational environment such as SOC, CSIRT, CERT.
  • Strong written and verbal communication skills; ability to understand complex problems while formally presenting them simplistically.
  • Experience with application security, network security, reverse engineering, or malware.
  • Familiarity with analyzing disassembly of x86 and x64 binaries. 
  • Ability to use one of the following programming languages: (Java/Ruby/Python/Perl/R).

Desired Skills

 

  • Experience with program and system analysis with various tools, including IDA Pro, BinDiff, Ollydbg, PCAP tools.
  • Deep technical knowledge of Windows OS internals and common file formats.
  • Industry certification in reverse engineering or similar area of expertise.
  • Familiarity with analytical models such as Diamond Model, Kill Chain and Attack Trends.
  • Familiarity with MITRE’s ATT&CK framework.
  • Understanding of the cyber security industry and business problems that need to be solved.

WORK CONDITIONS

 

  • Work will be in the standard business environment during 9 to 5 office hours (flexible) 
  • The position does not require the availability for on-call rotation, extended travel, or 24/7 shift coverage.
  • In case of emergency working hours might be modified.

Why a Career with eSentire?

 

Our Culture: At eSentire we work in a collaborative and innovative work environment. We work with brilliant and passionate people who strive and encourage others to do their best. eSentire’s idea-rich environment welcomes creative and sometimes unconventional perspectives! 

 

Growth Opportunities: At eSentire you will have the opportunity to grow and make an impact from your work. We encourage innovation in all who become a part of our team. With growing operations internationally, there is lots of lateral and upward advancement opportunities for rewarding and developing careers with eSentire. We’re strong believers in continuing education and provide the resources that you need to continue learning.

 

Employee Perks: Every day we provide free breakfast and refreshments, flexible hours, half day off birthdays, concierge services, RRSP matching program, subsidies for continuing education and health and wellness and attractive compensation and benefit plans. We make it our obligation to the team here to stay current with compensation trends in the tech field!

We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted. eSentire is committed to creating a fair work environment that is aligned with  the Accessibility for Ontarians with Disabilities Act (AODA). We guarantee equal treatment and provide opportunities regardless of race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds and will not discriminate on these basis. If you have any accessibility requirements during the recruitment process, please reach out to our HR team at aoda@esentire.com and any accommodation needs will be addressed upon request.