Malware & Threat Intel in Tech

Which tech companies have mature threat intelligence and malware research capabilities? Or sincere interest in developing such a capability, even if not mature or in place yet? If you’re on a team like this: how do you gauge technical ability in interviews? LC for Security roles or no? Reversing a sample seems more relevant than LC but how do you balance the time requirements? Update: I’m interested in malware analysis/reversing, may have lost context based on some comments. Not a malware dev! TC: $300k (working for employer different than listed on this profile) #cybersecurity #interview #security #jobhunt

Microsoft Мicrosoft Nov 6, 2021

Google's Project Zero, FireEye (they will pay you 1/10th of what FAANG will - not an exaggeration), SANS ISC, some MSSP's, etc. Most big tech companies do some form of threat intelligence. Technical ability measured with LC-like tasks (e.g., deobfuscate this script yourself), adversarial "system design" questions (e.g. you are tasked with developing malware that must remain undetected for 3 months in a F500, walk me through how you'd design it), knowledge based questions (e.g. explain one way a race condition could lead to a security compromise). Certs are bigger in this space.

xxyyyxx Nov 6, 2021

Google Project Zero is difficult af to get into, you gotta be basically renowned in the space to get there. Designing a piece of malware that stays undetected in a F500 system for 3 months is realistic but not for an interview, I'd expect people to target Windows for the ability to import the native system calls but it would be purely a simulation. And idfk what certs you're talking about unless maybe it's ISC but even then if you can prove you read assembly and can run a sample in a VM without Internet you'll be good lol, people won't just miss out on a malware analyst just bc they don't have certs

Microsoft Мicrosoft Nov 6, 2021

Totally realistic for an interview, just verbally describing how they'd design it.

Microsoft Мicrosoft Nov 6, 2021

Many people at the highest echelons of security have backgrounds as hackers who never got caught, but have written plenty of malware. This is a closely related but distinct engineering field from computer science with a lot of material that is not going to be covered thoroughly in CS undergrad.

Bristol-Myers Squibb YUpT48 OP Nov 7, 2021

For sure—I am a lowly analyst, no aspirations of authoring malware. I’d stick to being the jerk running the initial access stage in an APT op, or maybe review what’s causing detections. Maybe someday there can be a black hat CS path as this field matures and the need grows!

Microsoft Мicrosoft Nov 8, 2021

A lot of the stuff hackers learn could absolutely be taught in schools in a software engineering security class, and there's a lot of good material in such classes. They're just not exhaustive, is all.

Google MartialLaw Nov 6, 2021

Entertainment and finance also invest in threatIntel.

Bristol-Myers Squibb YUpT48 OP Nov 7, 2021

Hadn’t considered entertainment, good call—makes sense with high stakes and high profile leaks in the past.

tdidi Nov 9, 2021

I think I have seen job posts in that area at companies like Uber and PayPal in the past. Not sure if they currently have such positions.

Bristol-Myers Squibb YUpT48 OP Nov 10, 2021

Thanks! Ya PayPal def has a team. I interviewed for Threat Hunting team at PP and it sounded like a hot mess, I backed out after hiring manager chat. :X

tdidi Nov 10, 2021

Mind sharing what made it a hot mess for you?