Now at IOActive

For those that haven't seen the exchanges on Twitter or LinkedIn, I'm no longer with Damballa...

The last 3.5 years with Damballa were a wild ride. My first 3 years with the company saw much innovation and cutting-edge technology making its way to the market, but as things slowed down and the business doubled down on the features that make a product more "channel friendly", it was becoming less interesting to me. Don't get me wrong though, the research coming from Damballa Labs still can't be beat, and I hope it makes it the product sometime soon.

So, with that all said, I wanted to get back in to consulting. I love the constant flux of new problems, logistics and cutting-edge technology.

Last week I joined IOActive, Inc., as their CTO.

As some of you may be aware, I've been working with the company for a number of years - including being  a member of their Advisory Board. As their CTO my initial focus will be on helping to develop the long-term service strategy - bringing new boutique and cutting-edge services to market to address the latest onslaught of technology threats and preempt many upcoming security problems for large and sophisticated organizations.

IOActive is a fantastic company. It's at the forefront of advanced security consultancy and has been growing at an amazing rate.

So, with all that said, you can now find me at IOActive, and I'd be pleased to offer you my new business card. I'm sure IOActive will be able to help! :-)

Senior Research Analyst Role(s) Now Available

Just a quick note to say that I've got a couple of open security jobs going for Senior Research Analysts over at Damballa. I'm looking for a couple of folks that like living on the cutting-edge of security.

You can submit your resume on the company portal HERE if you're interested in getting elbow-deep with botnets.

Below is the job description...

Job Specification: "Senior Research Analyst"
Internet security is evolving at an increasingly rapid pace. As the thrust and parry of attack vectors and defensive tactics force technologies to advance, the biggest security threat now facing enterprise organizations lies with botnets. The Damballa Research team spearheads global threat research and botnet detection innovation.

Damballa’s dedicated research team is responsible for botnet threat analysis and detection innovation. From our Internet observation portals, and using the latest investigative technologies to intercept and capture samples, the research team studies the techniques employed by criminal botnet operators to command and control their zombie hordes – mapping their spread and evolution – and developing new technologies to both detect and thwart the threat.

As a Senior Research Analyst you would be part of the team responsible for providing the threat knowledge that powers the core technologies of Damballa’s products – working on advanced pattern detection algorithms, massive data collection and analysis solutions, prototyping new detection systems, and advancing large-scale applications that deliver actionable threat intelligence.

The rapid evolution of the threat means that, as a Senior Research Analyst, you will also need to be able to deep-dive in to the botnet masters lair – turning over the rocks they hide under and visiting the online portals they do their business in – and be capable of analyzing the evidence of their passing. A key to being successful in this role is the ability to provide internal departments with comprehensive intelligence on malicious software (malware) behavior as it pertains to Botnets and other targeted threats – and to be able to communicate the threat in a clear and concise manner.

Collaborating with the marketing and engineering teams, the Senior Research Analyst will typically need to design and construct analysis tools that automate the extraction of botnet intelligence and make it available to the company’s other technologies and its knowledgebase as well as responding to ad-hoc requests for malware analysis driven by business and client needs to determine characteristics, functionality, and/or recommend countermeasures.

The position may entail interaction with the media following the successful outcome of directed research or response activities.

Responsibilities:

• Independent threat analysis and data mining of new botnet instances
• Research in to new methods for detecting and reporting botnet activities
• Dissection of new botnet samples and the automation of sample processing
• Investigation of new botnet command and control tactics and subsequent enumeration of botnet operators
• Focused analysis of botnet outbreaks within enterprise and ISP networks
• Contribution to research and commercial papers describing the evolving botnet threat

Skills & Experience:

• Experience as a security engineer, threat intelligence analyst, or similar senior technical role
  
• Extensive knowledge of tracing and debugging Windows processes in the context of malware reverse engineering
• Proficiency with C/C++ programming and x86 assembly /disassembly
• Deep understanding of network flow data analysis , deep packet inspection and network behaviors of malicious software
• Comprehensive knowledge of anti-debugging and anti-instrumentation techniques
• Familiarity with packing and anti-reverse engineering techniques, including data obfuscations that employ primitive or basic cryptography
• Ability to troll underground Internet forums and criminal sites/portals for new botnet intelligence

Requirements:

• BS or MS in Computer Science or equivalent industry experience
• Good understanding of TCP/IP networking and security
• Proficient in multiple compiled and scripting languages (Perl, Python, Ruby, Java, C, etc.)
• Proficient with Unix (Linux preferred) development and production environment
• Proficient query design in relational databases (Postgres/pgsql preferred)
• Excellent formal communication and presentation skills
• Ability to read and translate multiple international languages a bonus

-------
Note: The roles are ideally based in Atlanta. If you're having trouble with the online form (or need to check to see if your resume arrived safely), you can always try to drop me an email at my work address of 'gollmann-at-damballa-dot-com' - but don't bother to do so if you're an agent or representing someone else (those emails will go straight to the deleted items).