What makes the role special

Group-IB is a partner of INTERPOL and Europol, and a cybersecurity solutions provider recommended by SWIFT and OSCE. These partnerships give us advantages in our everyday duties.

We conduct in-depth malware research and present complex research publicly. We participate in incident response (IR) and appear as experts at conferences and in mass media. Our reports are used by thousands of people all over the world. We invite you to join our global team.

Tasks to solve

  • Research activities of various threat groups, including state-sponsored APTs and financial cybercrime groups
  • Work on client requests from the European region, including: analyzing malicious software such as trojans, scripts, and exploits, investigating attackers’ network infrastructure, reconstructing the attack kill chain, creating detection rules for clients
  • Contribute to the continuous improvement of company products
  • Research malicious tools, attacker infrastructure, and related activities
  • Develop scripts to automate hunting, detection, and reporting processes
  • Automate research processes by contributing to internal projects focused on automated analysis: actively improve solutions based on research experience; develop various modules, including core components of projects (proficiency in Python is important)
  • Create public articles and presentations for events, including cybersecurity community conferences
  • Conduct malware research, focusing on architectures like x86, x86-64, ARM, and operating systems such as Windows (including .NET), Linux, macOS, Android, and iOS
  • Research various exploits and malicious tools, including scripts, documents, emails, and more
  • Create rules for detecting and hunting malicious tools (YARA, Suricata, etc.)
  • Develop scripts to automate analysis in tools such as IDA Pro, x64dbg, and JEB
  • Perform analytical work during research to: attribute malicious tools to specific threat groups; identify common patterns in different malicious objects; create hunting rules
  • Prepare detailed reports summarizing the results of research tasks

This role is perfect for you if you have

  • 3 years of experience in reverse engineering and malware analysis
  • Proficiency with reverse engineering tools such as: IDA Pro/Binary Ninja/Ghidra/etc.; x64dbg/Immunity Debugger/OllyDbg/etc.; WinDbg; other tools
  • Understanding of how to create scripts for automated analysis
  • Experience with traffic analysis tools
  • Basic knowledge of scripting languages
  • Strong proficiency in Python
  • Knowledge of common binary formats
  • Understanding of common network protocols
  • Basic knowledge of exploitation of vulnerabilities
  • Knowledge of common cryptographic algorithms
  • Basic understanding of the cyber threat industry
  • Proficiency in technical language and the ability to write technical reports
  • Understanding of techniques used by cybercriminals and malware authors

