Job listings from the Slack

Submit a job posting: https://goo.gl/forms/QgbCdh6rVu6rfjJz1

Disclaimer: These job listings are generally provided by our users and are not legally binding. Please discuss all employment details with the company you're applying to. Thanks!

Microsoft

Listing Date: June 22, 2017

Contact: @abatchy on the slack

Title: SECURITY SOFTWARE ENGINEER

Location: Vancouver or Redmond

Description:

https://careers.microsoft.com/jobdetails.aspx?ss=&pg=0&so=&rw=1&jid=287906&jlang=EN&pp=SS

If interested, do not apply here; instead, contact @abatchy.

Salary: A lot

Desired Education / Certifications: BS in Computer Science or equivalent experience.

Remote Work / Travel: Not much

Clearance: n/a


Rapid7

Listing Date: June 13, 2017

Contact: @Kalabaster on slack

Title: Cyber Potato

Location: Alexandria, VA or Belfast, Ireland

Description:

Work in Rapid7 Managed Detection and Response SOC, a 24/7 SOC with flexible hours with general shift work. This is a threat hunting and incident response role, with a monitoring component. This is a 15% network-based and 85% host-based shop. Be familiar with, or willing to learn about, using host-based forensic artifacts. Beers in the office fridge, nerf guns, weekly voluntary training sessions on voted topics, and the chance to chill with some of the smartest misfits in the biz (and also me).

Ignore the garbage on the posted ad, these are the things that matter:

Can you speak to how you can catch bad guys? 

If someone finds malware on a system, can you do something with it that isn't just "look it up on VirusTotal and see if it's bad by its score" (i.e. find out how it got there and what it did using filesystem, memory, network forensics)?

If I gave you a malicious PDF, how could you figure out how to see if it's bad (using Google, etc.)?

How can you prove evidence of execution on a file system?

What's shimcache and why is it useful?

What are different ways malware can establish persistence?

Can you code in Python, Go, or Angular.js?

If I gave you a 2 GB CSV of log data, can you do something useful with the data inside it, other than cry uncontrollably?

If you don't know the answer to these things, would you be able to learn it quickly if I gave you recommended reading on the subject?

Have you read and can you speak to any of these books: "Incident Response and Computer Forensics, Third Edition", "Practical Malware Analysis", "The Art of Memory Forensics"?

Salary: 25-40k (Belfast), 90k-130k (Alexandria) + 10% bonus (can go higher based off performance). Base salary in DC can go deep into 6 figures, but you have to actually know your shit for that.

Education: Not Listed

Desired Education / Certifications: None required, SANS/GIAC is preferred

Remote Work / Travel: Flexible WFH hybrid

Clearance: None