Malware Reverse Engineer (Remote - Home Based Worker)

Posted on Mar 18 4 views Northbrook, IL

The world isn’t standing still, and neither is Allstate.  We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs.  That’s why now is an exciting time to join our team.  You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount.  We empower every employee to lead, drive change and give back where they work and live.  Our people are our greatest strength, and we work as one team in service of our customers and communities.

Everything we do at Allstate is driven by a shared purpose: to protect people from life’s uncertainties so they can realize their hopes and dreams.  For more than 89 years we’ve thrived by staying a step ahead of whatever’s coming next – to give customers peace of mind no matter what changes they face.  We acted with conviction to advocate for seat belts, air bags and graduated driving laws.  We help give survivors of domestic violence a voice through financial empowerment.  We’ve been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection.  We are the Good Hands.  We don’t follow the trends.  We set them.

Job Description

**For this opportunity, we are open to qualified candidates to work from our Allstate strategic local offices in Charlotte, NC or Tempe, AZ. Strong qualified individuals in other US geographic markets will be given consideration as potential home-based professionals.**

We are seeking an experienced Malware Analyst / Reverse Engineer to perform malware analysis and reverse engineering in support of incident response, investigative analysis, threat hunting, and research on existing and emerging cyber threats. The role will involve in-depth analysis of static and behavioral analysis of complex malicious code utilizing various tools, including disassemblers, debuggers, hex editors, un-packers, virtual machines, and network sniffers. The individual stepping into this position will perform the functions of malware analyst/reverse engineer and serve as a liaison for Threat Services for the Global Security Fusion Center (GSFC), and mentor and collaborate with the threat hunting, incident handling/response, and forensics teams.

Primary Responsibilities:
  • Utilize expertise in malware analysis/reverse engineering to evaluate and analyze complex malicious code
  • Perform reverse-engineering for suspected or known malware files, determining the TTPs associated with the code
  • Develop custom tools designed to automate analysis
  • Perform research around malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions
  • Produce detailed reports identifying attributes and functionality of malware, and IOCs that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques
  • Assist in identifying (hunting) and profiling threat actors and TTPs
  • Develop host and network based signatures to identify specific malware via heuristic and/or anomaly based detection methods
  • Participate in formal technical briefing and proposals
  • Perform as an Information Security SME in the some of the following areas:
    • Malicious code behavior
    • Threat Intelligence
    • Incident Response
    • Web Application
    • Log analysis (statistical modeling, correlation, pattern recognition, etc.)
    • Microsoft platform (Server, workstation, applications)
    • Open Systems platforms (Linux, UNIX, VM Ware ESX)
    • Networking (firewalls, IDS/IPS, packet capture)
    • Databases (Oracle, SQL Server, DB2, IMS)
  • Provide mentorship and support to teammates regarding malicious file analysis/behavior and build communication/rapport with other divisions and various levels of leadership
  • Identify need, drive solutions, and provide guidance in an autonomous manner
Essential Job Criteria
  • Bachelors and/or Masters Degree in Engineering, Computers Science, etc.
  • 5+ years technical experience in reverse engineering/malware analysis, threat intelligence, incident response, security operations, or related info security field
  • 2+ years experience performing direct reverse engineering/malware analysis
  • 2+ years experience in penetration testing, ethical hacking, exploit writing, or vulnerability management
  • Advanced experience with reverse engineering tools like IDA Pro, Ghidra, OllyDbg, Windbg, and BinaryNinja
  • Ability to reverse engineer binaries of various types including: x86, x64, C, C++, and .NET
  • Deep understanding of x86, ARM, and x64 architectures
  • Strong understanding of Windows Operating System Internals, Windows APIs, and writing and analyzing DLLs
  • Strong experience with programming languages (Python, Bash, PowerShell, Perl, C/C++, Go)
  • Recent experience developing custom software and hardware tools to assist in performing reverse engineering and vulnerability analysis
  • Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
  • Advanced experience with security operations tools, including but not limited to:
    • SIEM (e.g. Splunk, ArcSight)
    • Indicator management (e.g. ThreatConnect)
    • Link/relationship analysis (e.g. Maltego, IBM i2 Analyst Notebook)
    • Signature development/management (e.g. Snort rules, Yara rules)
  • Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
  • Excellent analytical and problem-solving skills, a passion for research and puzzle-solving
  • Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations
  • Good organization and documentation skills
  • Leadership and mentorship skills
Desirable Job Criteria
  • At least hobbyist experience in “maker”/hardware hacking, e.g. Raspberry Pi, Arduino, etc.
  • Familiarity with Linux OS and mobile iOS/Android forensics
  • Experience in cryptography or cryptanalysis
  • Experience with incident response workflow (or other case management “ticketing”) tools such as RSA Archer, ServiceNow, Remedy, Resilient, Best Practical Request Tracker, etc.
  • Expert understanding of large, complex corporate network environments
  • Obtained certifications in several of the following: SANS GIAC courses, GREM, CEH, CISSP, OSCP, or tool-specific certifications

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.


Good Work. Good Life. Good Hands®.


As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning.  Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k).  Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.  For a full description of Allstate’s benefits, visit

Learn more about life at Allstate.  Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.


Allstate generally does not sponsor individuals for employment-based visas for this position.


Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.


For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.


To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs


To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.


It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.