Senior Malware Analyst
Virtual (Remote), US
Team Cymru
Team Cymru is the global leader in cyber threat intelligence. Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the...
Job Summary:
Team Cymru malware analysts make a difference every day, leading in the battle against those intent on harming others. We are passionate about our mission, and we are looking for additional teammates who share in that passion. Do you have a strong background in analytic tradecraft, deductive reasoning, and critical thinking? Would you like to have access to our industry leading threat intelligence? Are you a proven teammate, mentor, and technical leader? Would you like to join the battle and make a difference in the world? If so, opportunity knocks.
Team Cymru malware analysts research and report on threats to our customers' security, empowering those customers to complete their missions effectively and efficiently. They also undertake complex reverse engineering efforts and work closely with our technology teams on the development of our world-class malware reporting feeds, data analytics systems, and analysis automation, adding to the body of knowledge on those threats as they go. As a Malware Analyst, you will provide the vital bridge between reverse engineering and strategic intelligence research: writing for the most technical audiences so they understand the impact of a threat, developing detection mechanisms, and writing bespoke code to track those threats. The best of both worlds!
Duties/Responsibilities:
- Reverse engineer the latest malware samples; create detection rules, extract configurations, and implement custom discovery tooling
- Create custom malware analysis tooling and pipelines using Python or Go
- Work with counterparts in the S2 analysis team, producing written intelligence reports pertinent to their investigations
- Support a world-class production (BARS) feed of discovered and tracked malware C2s
- Investigate and present operational and strategic intelligence about threat actors at in-person and virtual events
- Evaluate tools, methodologies, and best practices to understand the tactics, techniques, and procedures (TTPs) utilized by threat actors
- Proactively share knowledge and techniques with peers on deriving analytic value using our technology suites
- Lead project-based analysis efforts, including short- and long-term threat tracking
- Compose highly tailored and actionable threat intelligence reporting based on tasking
Required Skills/Abilities:
- Strong knowledge of reverse engineering, malware analysis, and network analysis tools (e.g., YARA, IDA/Ghidra, Sigma, Suricata, Sandbox reporting).
- Effective programming skills in Python or Go for creating custom analysis tools.
- Deep understanding of network traffic and infrastructure analysis (e.g., PCAP, NetFlow, PDNS, X.509 Certificates).
- Ability to work independently and in a distributed team environment.
- Excellent oral and written communication skills, with the ability to produce high-quality customer-facing reports.
- Strong problem-solving and analytical skills.
- Expertise in IP networking and services, including DNS, HTTP/HTTPS, VPNs, and routing protocols.
- Familiarity with OSINT platforms (e.g., VirusTotal, Shodan, Greynoise, MISP).
- Experience developing automation that interfaces with external platform APIs (VirusTotal, Driftnet, MISP, etc.).
- Due to the nature of the work and compliance with government contracts, U.S. citizenship is a requirement for this position.
Education and Experience:
- 7+ years of experience in a technical cybersecurity role (threat intelligence, digital forensics, malware analysis, reverse engineering, incident response, red team).
- 2+ years of experience as a malware analyst or reverse engineering subject matter expert, to include development of custom tooling and automation to track malicious infrastructure.
- Demonstrated ability to lead malware reverse engineering projects or investigations.
- Advanced proficiency with common operating systems and understanding of operating system concepts.
- Experience developing indicators of compromise (IOCs) and an understanding of how they are deployed in host- and network-level detection architectures.
- Experience working in a remote, distributed team environment.
Highly Desirable Skills:
- Experience with analytic visualization tools (e.g. Maltego, Analyst Notebook)
- Practical experience configuring malware processing and extraction pipelines
- Subject matter expert (SME) on the TTPs of regional or other cyber threat actors
- Previous role on development projects delivering innovative analytical tools and techniques
Physical Requirements:
Prolonged periods of sitting at a desk and working on a computer.
Location: Remote
Join Our Team
Join Team Cymru and contribute to our leadership in Internet signal intelligence, where we provide unparalleled global coverage and insights to safeguard businesses and missions worldwide. If you're passionate about advancing Internet security and have the technical prowess to drive impactful solutions, apply now to be part of our innovative team.
Team Cymru offers a range of great benefits and perks for U.S. employees:
- We're a remote-first organization, so you can work from wherever you're comfortable.
- Enjoy 100% employer-funded health, dental, and vision benefits for yourself and your dependents.
- Take advantage of 4 weeks of Paid Parental Leave.
- Rest easy with life insurance coverage.
- Plan for the future with a 401(k) that includes employer matching.
- Earn rewards and bonuses for your hard work.
- Take a well-deserved break with a generous 28 days of vacation plus holidays.
- Wind down at the end of the year with a company break.
- Access the Employee Assistance Program 24/7.
- Stay fit with a Fitness Membership Stipend.
- Keep connected with a Telephone/Internet Service Fee Stipend.
- Invest in your professional growth with Career Development Training.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.