Meta’s Reality Labs has an opening for “Malware Reverse Engineer”. Not an uncommon role, but this particular one is a bit more specific when you dive deeper.
Reality Labs(formerly Occulus VR) makes those nifty Quest VR headsets w/ controllers you see around. They’re one of the main viewpoints/entrypoints to the Metaverse. Specifically Meta’s Metaverse. A combination shared VR hub/world where one can work or play, something like “Ready Player One(2018)”s Oasis. The ‘work’ is not replacing offices yet. The ‘play’ includes games and experiences within the virtual Metaverse environment and individual VR games that you can purchase from the Meta Quest section of the Meta Store.
 |
| Occulus Quest 2 Credit: Maximilian Prandstätter CC 2.0 |
These give some hint to the malware specifics:
- Identify vulnerabilities and potential attack vectors in the Metaverse ecosystem
“Metaverse ecosystem” is a vague term. Obviously it contains the VR environment, but also content added and the hardware all of this runs on. Server side handles multiplayer for games and interactions for users in the Metaverse. Client side we’re looking primarily at the Quest hardware.
Since the Quest 2, all of the Quest hardware units are Android devices. Mainly running Meta apps. But users can sideload any Android apps they desire, subject only to support by Reality Lab’s flavor of Android.
In the old PC/MS/etc-DOS days we had similar program compatibility, with exceptions for specific vendor’s versions of DOS. Similarly on Android we have high compatibility with all current versions of Android, differing only in support for certain Google Frameworks or other vendor specific system libraries. The MS-DOS ecosystem was quite open, like Android, which led to a considerable amount of computer viruses and other malware. It also led to Antivirus/security software being a necessary safeguard.
- Advise and consult investigative or product teams as a subject matter expert
Subject matter expert on Android malware, not so much malware exclusive to the Metaverse ecosystem. There’s more than a few of us around; I’ve been dealing professionally with Android malware for about 15 years now.
Working with product teams is where the fun in device security is located. Once a product hits the market, most of the security impact one can make is gone. At McAfee, we got to participate during the architecture stage of producing new mobile phones. So much so our antivirus engine was included in the firmware of both Java phones and smartphones.
When you’re at design stage you can do threat modeling and actually fix gaps instead of placing bandages after shipping a million units.
 |
| Screenshot of Meta Store displaying titles of Meta VR games and apps. |
Most users get their Quest apps from the Meta Store, but they can also sideload other, sometimes incompatible, Android apps.
- Lead projects while effectively prioritizing time spent on reversing or malware analysis based on team priorities
This isn’t strictly incident response. The larger the organization, the more likely they have a separate IR division. The role sounds more like one helps to contribute to security for current and upcoming Quest hardware.
And it’s not a junior or staff position if you’re leading security projects. It would be useful if they get someone to interface with other teams within Meta.
- Stay up-to-date with the latest security trends and threats in the industry
That’s part of the general anti-malware researcher role. Presumably this means a training budget/continuous education benefit. It is difficult to keep up-to-date with no/few resources. An O’reilly account is nice, but insufficient. You really need to send your _team_(surely, they’re not hiring only one person) to advanced training or at least 1–2 cybersecurity conferences.
There should also be closer ties to other threat hunting/intel and IR teams in the organization. Sharing information and training material helps all. It really takes a village to ‘[s]tay up-to-date’.
Minimum Qualifications
The minimum qualifications give us a bit more detail:
- Experience with operating systems (Android, Linux), ARM architecture
This is definitely an Android-specific malware reverse engineer. Android lies on top of Linux, certain apps(e.g. high performance games) are composed primarily of native libraries(ELF) and Android runs almost exclusively on ARM processors.
Android malware comes in many flavors these days: Android(Java,Kotlin), native(C/C++, assembly), C#(Unity), Flutter(dart). One needs to be a bit specialized to stay on top of new malware.
- BA/BS in Computer Science or 5+ years relevant work experience within malware
There are few if any undergraduate CS programs that cover malware analysis. Few cybersecurity undergrad programs either. A lot of the senior researchers either learned on the job or the generations that followed them from advanced training courses(e.g. SANS).
Those qualifications make it clear, they need experienced malware analysts and researchers. They’re looking for mid-career to senior-level.
Preferred Qualifications
And these make it even clearer:
- Experience to create their own tools to automate analysis or detection (Yara, Snort, etc)
Writing one’s own tools is different from writing malware and network signatures. This shows they don’t currently have those senior people on the Reality Labs team. The task for writing job descriptions usually falls to management or most senior staff.
Malware researchers tend to write their own tools, initially out of curiosity and for learning, but then out of necessity. It’s usually common when we start to investigate a new platform and new malware. Our old tools may not handle the file formats used, so we break out the trusty hex editor and as much reference material we can scrounge from SDKs, forum posts, the dark reaches of the Internet.
If they need new research, they definitely want senior level folks. Being part of the manufacturer’s team does make gathering that reference material considerably easier.
- Familiarity with drafting scripts leveraging disassemblers like IDA or Ghidra
Scripting the major disassemblers definitely isn’t something beginning analysts do. This goes back to malware researchers writing their own tools, in Java or IDC or IDAPython.
Conclusion
This Malware Reverse Engineer role looks like it could easily hold the interest of a senior level malware researcher. The salary range also seems to cover a senior candidate. Meta is also one of the few companies that is OK with remote work.(I spent almost a decade at McAfee 100% remote. Most of my Senior-level colleagues at other Anti-malware firms work fully remote. It has been SOP for a couple decades.)
If the hiring managers at Reality Labs can see that they’re trying to hire senior-level staff, I’d recommend any of my colleagues to apply.
No comments:
Post a Comment