The team and the project
This position is part of our Active Threat Control team, located in Cluj-Napoca.
Bitdefender Active Threat Control (ATC) is a proactive, dynamic detection technology, based on monitoring processes’ behavior, and tagging suspect activities. It serves as a last line of defense against unknown malware. The ATC solution is built using the latest system monitoring technologies available on Windows. Using both User and Kernel Mode components, ATC is able to reliably monitor the behavior of running applications. The behavior is evaluated using an extensible heuristic engine.
The project also has an exploit detection module, a detection component based on machine learning and an attack research division.
You will be part of a friendly team whose mission is to:
- tackle the challenges of real time detection to protect millions of users and to ensure customer satisfaction
- exercise their creativity with various research topics to improve the detection and our processes
- design and implement high quality software for current and future modules
For the summer of 2024 (July – September) we have 5 open internship positions in our team: 1 Security Researcher position, 1 Quality Engineer position, 1 Web Application Developer position and 2 Software Engineer positions.
Role
Your mission will be to learn as much as possible, familiarize yourself with the working environment and the development processes, and use your skills to contribute to the efforts of the team.
Responsibilities
- Extend and implement new functionality for Windows applications and Kernel mode drivers
- Extend and implement new unit and integration tests for Windows applications and Kernel mode drivers
- Learn about and use process behavior monitoring technologies on Windows (minifilters, ETW, API hooking)
- Learn about Windows internals and reverse engineering techniques on Windows
Technical skills and expertise
Must have:
- Solid experience with programming in C or C++ (good understanding of pointers and memory management, working with files and processes, etc.)
- Solid understanding of data structures and algorithm implementations in C (trees, lists, hash tables, advanced searching algorithms, etc.)
- Experience with multi-threading and synchronization (good knowledge about working with threads and synchronization primitives)
- Ability to read and understand x86 Assembly
- Ability to use source level and Assembly level debugger (WinDbg, OllyDbg, Immunity Debugger or Visual Studio Debugger)
Nice to have:
- Familiarity with Windows API, system calls and concepts (such as HANDLEs, Windows processes, Windows threads, working with Windows Registry)
- Experience with Assembly programming for x86 and AMD64
- Familiarity with operating system internals for Windows or Linux
- Knowledge about Windows PE format and how programs are loaded and executed
- Basic static reverse engineering skills (using IDA, GHIDRA, ILSpy) and/or experience with dynamic reverse engineering (using Procmon or Pin)
Desired competencies and profile
- Analytical & problem-solving skills
- Interpersonal and team-oriented skills
- Verbal and written communication skills
- Self-motivated and enthusiast
- Fast learner
