Malware Analyst

As a Malware Analyst you will lead efforts in detecting, analyzing, and mitigating malware threats to safeguard organisational systems and data. By conducting advanced static and dynamic malware analysis, the role provides critical insights into emerging threats, supports incident response activities, and enhances detection capabilities through tool and signature development. This role involves analysis of cyber threats, the development of actionable intelligence, and collaboration with various teams to develop NCC Group's Threat Intelligence capabilities and broader services.

• Conduct in-depth static and dynamic analysis of new and emerging malware threats, identifying potential risks and novel attack vectors.
• Provide detailed analysis of malware samples as part of Digital Forensics and Incident Response (DFIR) investigations.
• Respond to Requests for Information (RFIs) related to malware and binary analysis from internal and external teams.
• Stay up-to-date with ongoing malware campaigns and techniques, providing insight into emerging or high-impact threats.
• Document and report on the behaviour, techniques, tactics, and procedures (TTPs) used by malware.
• Generate and share IoCs from malware analyses, leveraging the internal TIP tooling.
• Contribute to external communications through blog posts that highlight unique or significant malware findings.
• Develop and maintain tools and scripts for malware analysis, including custom configuration extractors and unpackers in the malware lab.
• Based on malware analysis, create and refine detection signatures such as YARA rules. Identify Network and host-based detection opportunities.
• Support the other pillars within the GTI team with research and analysis.
• Work closely with DFIR teams to provide context and insights on malware threats.
• Collaborate with the internal detection engineering team to ensure detections are in place for the latest threats.
• Collaborate with external partners, information-sharing communities, and industry forums to stay updated on new malware threats and to share intelligence.

• Proven experience as a Malware Analyst, Threat Intelligence Analyst, or similar role with a focus on malware research and response.
• Strong knowledge of reverse engineering tools and techniques for malware analysis, including tools like IDA Pro, Ghidra, OllyDbg, or similar.
• Familiarity with programming languages such as Python, C++, or assembly for developing analysis tools and scripts.
• Expertise in creating and maintaining YARA rules.
• Strong understanding of networking protocols, including TCP/IP, DNS, and how malware utilises these protocols.