If you’re looking for a role in cyber security, be sure to apply for Upward Spiral or check out what we’re about.

Malware Analyst Jobs

From 2013 to 2021, the number of unfilled cybersecurity positions grew by a whopping 350%. It would be crazy to expect the demand for cyber security analysts to fall any time soon.

An important and rapidly growing role within the cyber security ecosystem is the malware analyst. This role is part security engineer, part programmer, and part digital forensics and is a crucial function in providing necessary intelligence after a cyber security incident. Once the initial incident has been addressed it is critical that a thorough analysis and examination of the incident takes place. This will typically involve a close look at the methods, techniques, tactics and tools used by the adversary.

By understanding the incident new defenses can be developed, or existing ones can be refined as needed. The ability to reverse engineer malicious code is paramount in all defensive strategies and this is where the malware analyst brings value to the cyber security team.

The cross between a highly-skilled programmer and a cyber detective makes this an attractive option for many highly skilled and curious tech types. This is a competitive and highly sought after role.

What is a malware analyst?

A malware analyst is the Hercule Poirot of an organisation’s cyber security team. The role occupies a unique position within an organisation’s security function.

A malware analyst is a cyber-sleuth, with capable programming skills. They leverage their programming capabilities to identify how an attack occurred, why it was or wasn’t successful, and most importantly how it can be defended.

A malware analyst possesses the knowledge and skill needed to understand the exploit and identify the vulnerability. This role is unique within a security enterprise because it requires an understanding of offensive as well as defensive techniques and security principles.

What does a malware analyst do?

A malware analyst identifies, examines, and understands the various forms of malware and their delivery methods. This includes the diverse forms of bots, rootkits, adware, spyware, ransomware, trojan horses, viruses and worms.

The malware analyst comes into the picture after an organisation’s incident response team has identified and contained an attack. Their purpose is to disassemble, deconstruct, and reverse engineer the malicious code to allow the organisation to better protect against future attacks of similar capability and origin.

It is largely a function of solving puzzles and connecting seemingly unrelated dots. While sometimes called in during the early stages of an attack to bring clarity to the type of attack and shed light on the methods being used by attackers, a malware analyst isn’t typically considered a component of the incident response team or even the first-line team. Commonly the malware analyst becomes more involved in mitigation and recovery efforts once the attack vector has been identified and the payload contained.

Regular activities include examining suspect code to determine if there is an element of a malware attack. This is particularly common when working with advanced persistent threats (APT), where code may be placed in small amounts over a longer period of time before being detonated. This makes the task of detecting and identifying malicious code more difficult, but it also provides the malware analyst with enough time to examine and protect against an attack before harm is done.

Strength in analysing and reverse engineering code enables the malware analyst to be effective in protecting the network by predicting the objective of the code to establish a signature.

Broadly, the malware analyst is responsible for:

  • Reverse Engineering: Reverse engineering (also known as backwards engineering or back engineering) is a process by which one attempts to understand, through deductive reasoning, how a device, process, system, or piece of software accomplishes a task, with very little (if any) insight into exactly how it does what it does.
  • Advise Incident Responders: Providing advice and guidance to incident responders when they make their choices, to ensure they are appropriately informed about threat actors.
  • Examining Suspect Code: The collection of information in a way that maintains its integrity, allowing for the investigation and analysis of the data or system to determine if it was changed, how it was changed, who made the changes and what their intent may be.

What skills does a malware analyst need?

The ability to analyze and reverse engineer suspicious code enables the malware analyst to protect digital assets. An ideal candidate will have one or more of the following skills:

  • IDA Pro, WinDbg, OllyDbg, Immunity Debugger
  • Strong knowledge of C/C++, Windows API, and Windows OS internals
  • Reconstruct unknown file formats & data structures
  • Reconstruct unknown TCP/IP protocols
  • Understand unpacking, deobfuscation, and anti-debugging techniques
  • Python, Perl, Ruby scripting
  • Ability to write technical reports

Common job responsibilities will include:

  • Record malware threats and identify systems to avoid them
  • Examine programs and software using analysis programs to identify threats
  • Classify malware based on threats and characteristics
  • Stay up to date on the latest malware and keep software updated to defend against them
  • Write alerts to keep the security team informed
  • Help create documentation for security policies
  • Understand tools that identify zero-day cyber threats

While most malware is written in middle-level languages such as C or C++, the code will need to be disassembled to be readable. This requires that a malware analyst be able to read, understand, and program in the much more arduous low-level assembly language.

The ability to work with various high-level programming languages is important, and the use of specialized and sophisticated digital tools will be required. Both hard and soft skills are needed. These include:

  • Programming experience: Malware analysts are charged with identifying actors through the exploration of code. Consequently, malware analysts are expected to have a strong understanding of commonly encountered languages. The middle-level languages (C or C++) encompass most malware. However, analysts need to be able to read, understand and program in the much more arduous low-level assembly languages.
  • Communication: Beyond understanding is the expectation that you can communicate your understanding in layman’s terms to others. You will have to communicate in high-pressure situations in this job.
  • Detail-oriented: Much of the work of malware analysts comes down to examining small details.
  • Forward-thinking: Malware analysts need to be aware of up-to-date trends.
  • Digital tools: The ability to use specialised and sophisticated digital tools is necessary.

How to become a Malware Analyst?

Five steps to becoming a malware analyst:

  • Education: Having a bachelor’s degree in computer science or cyber security will greatly assist your career and prospect of acquiring a role. Success as a malware analyst is determined by an operator’s ability to stay ahead of skilled threat actors and a solid foundational education will greatly improve your success at accomplishing this. However, a degree is not essential.
  • Career path: A common career path for this cyber security specialty is to spend several years as a programmer or developer. These skills arm the applicant with a necessary foundation for understanding how malicious software is created.
  • Professional certifications: While there is no industry-wide prescribed professional certification required for a career as a malware analyst, one certification stands out. The Certified Information Systems Security Professional (CISSP) demonstrates that an applicant has a sound understanding of security architecture, engineering, and management.
  • Experience: The knowledge and skill threshold for becoming a malware analyst is cross-functional and best suited to an experienced cyber security professional or computer scientist. It is assumed that on entering the field you have a university-level qualification in one of those fields, and you will still require relevant work experience in both areas to be successful in the role.
  • Continued learning: A critical qualifying step toward becoming a malware analyst is to demonstrate a drive and ability to stay abreast of cutting-edge attack techniques and methods. The ability to identify, contain, disassemble, and mitigate zero-day malware is the pinnacle of desirable skills. Largely, cyberattacks are successful because they contain some unexpected or unforeseen element in the cyber kill chain. The job of a malware analyst includes being able to look at past events and accurately predict what the next attack may look like.

How much do malware analysts make?

It takes special programming and language skills to become a malware analyst. It also requires a strong understanding of various complex tools. It is considered by most to be a role for experienced operators rather than an entry-level role, and it commands a commensurate level of compensation.

The average malware analyst salary is US$165,000 per year. Entry-level positions start at US$78,000 per year while experienced workers can make up to US$234,000 per year.


Adviser Jack 11/10/2021