Malware Analyst

Job Description

Job Description – Malware Analyst A malware analyst examines malicious software, such as bots, worms, and trojans to understand the nature of their threat. This task usually involves reverse-engineering the compiled executable and examining how the program interacts with its environment. The analyst may be asked to document the specimen’s attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence. Reverse engineering capabilities are also considered essential to a successful malware analysis. Malware analysts are responsible for conducting both dynamic and static analyses of suspicious code in order to establish signatures that indicate its presence. They also determine how such code spreads through systems and develop tools and procedures to detect the code in advance of any infection. Job responsibilities include: Document malware threats and identify procedures to avoid them Static and dynamic analyses using tools to identify threats Classify malware based on threats and commonalities Write alerts to let security personnel know about the latest threats Understand tools that identify zero-day cyber threats and work to protect from them Participate in research and development of malware protection tools Ability to setup collection mechanisms for malware samples (honey pots) Ability to setup virtualized environments for malware analysis Capabilities for Malware Analysis Fundamentals Networking and TCP/IP Operating system internals (Windows and Unix) Computer security Forensics and incident response Programming (Assembly, C, C++, Python, and Perl) Assemble a toolkit for effective malware analysis Examine static properties of suspicious programs Perform behavioral analysis of malicious executables Perform static and dynamic code analysis of malicious executables Contribute insights to the organization's larger incident response effort Malicious Code Analysis Core concepts for analyzing malware at the code level x86 Intel assembly language primer for malware analysts Identifying key x86 assembly logic structures with a disassembler Patterns of common malware characteristics at the Windows API level (DLL injection, function hooking, keylogging, communicating over HTTP, etc.) In-Depth Malware Analysis Recognizing packed malware Automated malware unpacking tools and approaches Manual unpacking of malware using OllyDbg, process dumping tools and imports-rebuilding utilities Intercept network connections in the malware lab Interact with malicious websites to examine their nature De-obfuscate browser scripts using debuggers and runtime interpreters JavaScript analysis complications Self-Defending Malware Bypassing anti-analysis defences Recovering concealed malicious code and data Unpacking more sophisticated packers to locate the Original Entry Point Identifying and disabling methods employed by malware to detect analysts' tools Analyzing shellcode to assist with the examination of malicious documents and other artefacts Malicious Documents and Memory Forensics Analyse malicious Microsoft Office (Word, Excel, PowerPoint) documents Analyse malicious Adobe PDF documents Analyse memory to assess malware characteristics and reconstruct infection artefacts Using memory forensics to analyse rootkit infections Essential Qualifications 2-4 years’ experience as a SOC specialist/Malware analyst Certifications in Networking, OS, Infosec and languages (C, C++, Perl, Python & Assembly) Bachelor’s degree in Computer Science Show more Show less