Malware Analyst/Detection Engineer

What does working as Malware Analyst/Detection Engineer entail? 

The main thrust of the job is, you guessed it, reverse engineering. You will: 

• analyze newly detected infiltrations and work on the technical description of code that you analyze; your primary goal will be to uncover what the given code does. 

• in some cases figure out whether the code is malicious or not 

• in other cases, drill down to the details, uncover more of what the malware actually does, how it does and for what aim it was designed. This information is crucial for proposing detection and “cure” algorithms which will be your next step. 

• ultimate goal of whole process is to create detection for malicious code with aim for malicious PE/script files resulting in proper PE/script detection. 

• do some detective work, pondering what’s behind entire malicious operations (possibly in some cases, cooperate with the police, CERTs or the victims of cyber attacks themselves) 

Where does Malware Analyst/Detection Engineer work? 

We work in the Security Research Laboratory, which we refer to simply as VirusLab. Some of us work on analyzing malicious code, others track entire malicious operations, looking at how they function. Other colleagues are involved in detecting malware through signatures, which are hard for malware writers to evade. Our analysts and engineers have extensive experience with reverse engineering techniques, and analysis and detection of malicious code on a range of operating systems, including Windows, OS X and mobile platforms. Our teams comprise experts on online threats, software vulnerabilities and exploits which are used by malware writers to infiltrate and abuse systems. 
 
Technologies used in the job: 

• tools of your trade: IDA Pro, OllyDbg, Hiew, WinDbg, SysInternals tools, JIRA, Confluence, CyberChef 

Why joining us? You will have an opportunity to learn something new, in a field mastered by only a handful of people. 

Are you cut out for the job? 

• a diploma is neither a sufficient nor a necessary precondition to succeed with us 

• what really makes a good analyst is the ability to understand code written by someone else  

• we often use disassembler, so being well-versed in this regard is a must if you want to join our team 

• in case you are able to read and decode various script languages, it is even better 

• it is also useful if you are comfortable using English.  

• to keep pace with the bad guys you should have a healthy appetite for continuing to learn new things. 

Our Requirements in short: 

• understanding of Windows internals 

• experience with reverse engineering/debugging 

• understanding of assembler and script languages 

• understanding of Windows PE format 

Nice to have/optional:  

• programming (any language) 

• knowledge of Linux, mobile platforms