Monday, July 13, 2009

Senior Research Analyst Role(s) Now Available

Just a quick note to say that I've got a couple of open security jobs going for Senior Research Analysts over at Damballa. I'm looking for a couple of folks that like living on the cutting-edge of security.

You can submit your resume on the company portal HERE if you're interested in getting elbow-deep with botnets.

Below is the job description...

Job Specification: "Senior Research Analyst"
Internet security is evolving at an increasingly rapid pace. As the thrust and parry of attack vectors and defensive tactics force technologies to advance, the biggest security threat now facing enterprise organizations lies with botnets. The Damballa Research team spearheads global threat research and botnet detection innovation.

Damballa’s dedicated research team is responsible for botnet threat analysis and detection innovation. From our Internet observation portals, and using the latest investigative technologies to intercept and capture samples, the research team studies the techniques employed by criminal botnet operators to command and control their zombie hordes – mapping their spread and evolution – and developing new technologies to both detect and thwart the threat.

As a Senior Research Analyst you would be part of the team responsible for providing the threat knowledge that powers the core technologies of Damballa’s products – working on advanced pattern detection algorithms, massive data collection and analysis solutions, prototyping new detection systems, and advancing large-scale applications that deliver actionable threat intelligence.

The rapid evolution of the threat means that, as a Senior Research Analyst, you will also need to be able to deep-dive into the botnet masters' lair – turning over the rocks they hide under and visiting the online portals they do their business in – and be capable of analyzing the evidence of their passing. A key to being successful in this role is the ability to provide internal departments with comprehensive intelligence on malicious software (malware) behavior as it pertains to botnets and other targeted threats – and to be able to communicate the threat in a clear and concise manner.

Collaborating with the marketing and engineering teams, the Senior Research Analyst will typically need to design and construct analysis tools that automate the extraction of botnet intelligence and make it available to the company’s other technologies and its knowledgebase, as well as respond to ad-hoc requests for malware analysis driven by business and client needs to determine characteristics and functionality and/or recommend countermeasures.

The position may entail interaction with the media following the successful outcome of directed research or response activities.

  • Independent threat analysis and data mining of new botnet instances
  • Research into new methods for detecting and reporting botnet activities
  • Dissection of new botnet samples and the automation of sample processing
  • Investigation of new botnet command and control tactics and subsequent enumeration of botnet operators
  • Focused analysis of botnet outbreaks within enterprise and ISP networks
  • Contribution to research and commercial papers describing the evolving botnet threat
Skills & Experience:
  • Experience as a security engineer, threat intelligence analyst, or similar senior technical role
  • Extensive knowledge of tracing and debugging Windows processes in the context of malware reverse engineering
  • Proficiency with C/C++ programming and x86 assembly/disassembly
  • Deep understanding of network flow data analysis, deep packet inspection and network behaviors of malicious software
  • Comprehensive knowledge of anti-debugging and anti-instrumentation techniques
  • Familiarity with packing and anti-reverse engineering techniques, including data obfuscations that employ primitive or basic cryptography
  • Ability to troll underground Internet forums and criminal sites/portals for new botnet intelligence
  • BS or MS in Computer Science or equivalent industry experience
  • Good understanding of TCP/IP networking and security
  • Proficient in multiple compiled and scripting languages (Perl, Python, Ruby, Java, C, etc.)
  • Proficient with Unix (Linux preferred) development and production environment
  • Proficient query design in relational databases (Postgres/pgsql preferred)
  • Excellent formal communication and presentation skills
  • Ability to read and translate multiple international languages a bonus
Note: The roles are ideally based in Atlanta. If you're having trouble with the online form (or need to check to see if your resume arrived safely), you can always try to drop me an email at my work address of 'gollmann-at-damballa-dot-com' - but don't bother to do so if you're an agent or representing someone else (those emails will go straight to the deleted items).


  1. I chanced upon your blog and found it very interesting as well as very informative; I needed just this type of information, which you have submitted. I am really thankful to you; this posting will help a huge number of people. Great ... Keep it up!

  2. I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.