
List:       security-jobs
Subject:    Incident Analyst - Calgary, AB Canada
From:       Alfred Huger <alfred_huger () symantec ! com>
Date:       2003-08-27 21:59:59

1. The position is in Calgary, Alberta Canada and is open to North American
residents only.

2. The list of qualifications in the 'required section' is hard and fast;
please do not apply unless you feel your skills meet the criteria listed.

3. Re-lo money is available for strong candidates. Please read the
requirements as they are hard and fast and I will not be able to review
applicants without the requirements.

4. I will not be using an outside recruiter for this position.

Please send your resumes direct to me, I prefer plain text format. I really
prefer plain text format. A description of the role follows:

Symantec Incident Analysts provide the security intelligence behind the
DeepSight Threat Management System. Using an array of tools and their own
security experience, they analyze, document and correlate a range of global
security incidents, attacker behaviors and malicious code.

Incident Analysts get access to the most sophisticated and real time
global monitoring tools available. This system has been used to discover
numerous worms, allowing us to warn users and offer an analysis of the
worm's behavior before other companies even noticed the threat. With the
TMS system, anomalies in global network behavior are detected and marked
automatically, providing this team with the most up to the minute snapshot
of the worldwide security environment. It is then this team's job to find
the story behind the numbers, and translate raw data into usable,
actionable information for our customers.

In addition, Incident Analysts have access to one of the largest
commercially deployed live honeynets. This system has been proven to be
successful in obtaining binaries of previously unknown malicious code,
allowing the IA team to reverse engineer these samples and be the first
group to get detailed analysis to the public.

The Incident Analyst position is best suited to individuals with a keen
interest in computer security, or in network forensics, excellent problem
solving skills, and the ability and desire to be part of a fast-moving,
dedicated team in a dynamic and fast-paced environment.


An Incident Analyst's duties include:

Malware/Vulnerability Analysis
------------------------------
Analysis of vulnerabilities and malware including their associated
exploits, and network behavior. The vulnerability, exploit or malware is
explored sufficiently to understand the core security implications as
well as its impact on the environment in terms of forensic data etc.

Threat Analysis Reporting
-------------------------

Binary and forensic analysis of malware to detail new threats and
capabilities found in undocumented malware. Analysis of new trends in the
development or deployment of malware.

Binary and forensic analysis of malware that is propagating aggressively.
Detail new threats to TMS customers in an aggressive time span. These
threats include: new forms of malware, aggressive worms, new exploits or
evidence of active exploitation. Create formalized summary documents of the
security issues that have surfaced in our global attack database.


Correlation
-----------

Work on correlation tables between attacks and IDS/firewall events. This
involves research into IDS and firewall technologies for the purpose of
determining which IDS and firewall alerts from different systems are
associated with a specific attack.

Technical Skills Required (and when we say required - it's required)
--------------------------------------------------------------------

 - Strong understanding and previous experience with NIDS
 - Strong understanding and previous experience with X86 programming
 - Strong understanding of IDA and/or related like tools.
 - Strong understanding of network protocols and programming.
 - Strong writing skills.


Soft Skills Required
--------------------

 - Must be a strong team player and be self-motivated. This position is on
a well established team devoid of rock star attitudes and I'd like to keep
it that way.

 - Must be a self-starter. This position requires someone who is able to
consistently perform without being whipped into action.

 - Must be able to communicate issues clearly under stress and must be able
to deal with a high stress environment.
