- Develop a world-class Media Malware Analysis laboratory with associated documents, TTPs, and SOPs
- Analyze malware utilized in intrusions
- Perform dynamic and static analysis and reverse engineering of intrusion artifacts
- Develop, obtain government approval for, and release analysis findings in technical analysis reports
- Identify unique indicators, TTPs, patterns, or heuristics from malware artifacts for the development of detection and mitigation strategies
- Collaborate with anti-virus vendors on malware submissions to aid vendor anti-virus signature updates
- Extract malicious files from digital media and sources
- Identify, analyze, and document actions taken by malicious actors who gain unauthorized access to information systems
- Determine sophistication, priority, and threat level of identified malware
- Examine media and malware analysis reports and operational reporting from events/incidents to correlate similar events, tradecraft, and TTPs of malicious activity
- Develop metrics and trending/analysis reports of malicious activity used to compromise the component networks
- Develop, document, and convey operational requirements for the development, procurement, or implementation of media and malware analysis capabilities such as the Joint Malware Catalog (JMC) and Joint Indicator Database (JID)
- Develop and conduct update briefs, presentations, and papers to organizational leadership to ensure situational awareness and status are conveyed related to the assigned project areas
- Conduct log and system analysis across various system and network platforms, including routers, Windows, and UNIX
- Update shared situational awareness mechanisms, including websites and collaboration/chat platforms