Job Description

On the Mandiant Labs Applied Research team we research and develop technology to automate the processing of malicious cyber activities. We ingest hundreds of thousands of samples daily and perform analysis at scale to track numerous malware families as they develop and evolve. 

The goal of this project is to perform research and development to extend and improve Applied Research’s malware family identification capabilities. To accomplish the goals for this project, the intern will first analyze the current tools we use to reverse engineer and identify malware techniques and families. The intern will then be given a research or development project, prioritized by Applied Research, to deliver. Sample projects include researching new or novel techniques to identify related code groups, analyzing changes and commonalities across malware families, or analyzing malware samples seen by in the wild to extract unique indicators.  

RESPONSIBILITIES: 

The goals of the Applied Research intern are twofold: to provide an opportunity to introduce the art of malware analysis, and to improve the capacity of the analysis system. A successful intern will study across various fields of threat tracking, family identification, software development, and reverse engineering, including the courses offered by Mandiant, so that they may attain the title of "Research Engineer" and be considered when applying to the Applied Research team.

• Develop proficiency in using both commercial and in-house technologies used to study malware at scale
• A project or tasking with milestones will be created based on interests and FLARE team needs. Previous projects include implementing a Recurrent Neural Network (RNN)-based disassembler, developing countermeasures to modern obfuscation technologies, and programmatically extracting malware family configurations and/or malicious payloads.
• The ability to share technical information with a variety of audiences is important! All interns will present accomplishments from the duration of the Summer to both a company-wide audience and the Labs team.

Qualifications

MINIMUM REQUIREMENTS:

• Clear interest in developing a foundation in research engineering with a focus on malware analysis at scale.
• 1+ years' experience, via internships, classes, projects or similar, with Python
• 1+ years' experience, via internships, classes, projects or similar, in a system programming language (C/C++, Go, etc.).
• Basic understanding of Windows or Linux operating systems internals.
• 1+ years' experience, via internships, classes, projects or similar, with an assembly language (x86, x64, ARM, MIPS, etc.). 
• Ability to document and explain technical details clearly and concisely.  
• Ability to deliver well-designed and documented code and discuss technical decisions.
• Eligible students are working towards a bachelor's or master's degree and must be returning to school the semester following the internship

PREFERRED QUALIFICATIONS:

• Development experience in Python, Go or C
• Experience using a disassembler and/or decompiler (ex. IDA Pro, Ghidra, Radare2, Binary Ninja, etc.)
• Experience with assembly-level debugging (WinDbg, gdb, x64dbg, IDA Debugger, etc.). 
• Experience developing (C#) and/or reverse engineering .NET (MSIL) binaries.

Additional Information At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.