- I write a blog, covering a wide range of information security and IT topics. Check it out.
- Check out my cheat sheets with tips for incident response and other information security topics.
- Learn to turn malware inside-out at my SANS Institute course on analyzing malicious code.
Related Content:
- Reverse-Engineering Malware cheat sheet
- Analyzing Malicious Documents cheat sheet
- Combating Malicious Software articles
More on career development:
|
Learn to analyze and combat malware from my SANS Institute training. |
Malware Analyst - Job Description
What does the job of a malware analyst entail? If you're looking to get into this field, or if you're looking for ideas that can help you succeed there, read on. You might also find this page useful if you are creating a job description for hiring such a person. If you're looking for a job, or if you'd like to fill a malware analyst's position, let me know; I may be able to make an introduction.
Job Description
A malware analyst examines malicious software, such as bots, worms, and trojans to understand the nature of their threat. This task usually involves reverse-engineering the compiled executable and examining how the program interacts with its environment. The analyst may be asked to document the specimen's attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence. A malware analyst is sometimes called a reverse engineer.
Security product companies, in industries such as anti-virus or network intrusion prevention, may hire malware analysts to develop ways of blocking malicious code. Large organizations in non-security industries may also hire full-time malware analysts to help protect their environment from attacks, or to respond to incidents that involve malicious software. Malware analysis skills are also valued by companies that cannot justify hiring full-time people to perform this work, but who wish their security or IT administrators to be able to examine malicious software when the need arises.
How to be Successful?
A successful malware analyst is keenly aware of his or her strengths and weaknesses, invests time into keeping up with the evolving threat landscape, and contributes to the malware research community.
Recognize your strengths and weaknesses. A skilled malware analyst possesses expertise from two often-distinct knowledge spheres: programming, as well as system and network administration. Individuals are often stronger in one of these areas than the other. When analyzing malware, start with the tasks that build upon your strengths, be it a solid understanding of assembly, or an intimate knowledge of Windows internals. Of course, don't let your weaknesses drag you down. Understand what they are and develop a plan for expanding your expertise to ensure a well-balanced skill-set.
Stay abreast of the threat landscape. The ever-changing nature of malicious software keeps the analysts on their toes. To excel in this field, research and understand new threats. Malware authors and analysts are at an arms race: as the analysts develop new tools and approaches, the attackers find new mechanisms for protecting their creations from detection or reverse-engineering. Read blogs, books, and papers that discuss malware characteristics and analysis techniques. Attend conferences, large and small, where you can brainstorm with and learn from other malware analysts.
Contribute to the malware research community. Don't be a passive observer. Reverse-engineered a particularly challenging specimen? Found a way to bypass protection of a new packer? Figured out how to deobfuscate an insidious collection of malicious browser scripts? Share your insights, findings and suggestions with other analysts via mailing lists, blogs, web forums, conferences, and other venues accessible to you. You will not only contribute to the community's joint skill set, but also interact with peers who can share their perspectives and help you become the analyst you want to be.
Training and Certification
I teach a class at SANS Institute called Reverse-Engineering Malware. It is designed to help malware analysts improve their skills, and may act as a spring-board into this field. The course is attended not only by individuals performing malware analysis as their primary job, but also by security and system administrators who need to analyze malicious software once in a while.
The only professional certification that I know covers the field of malware analysis is tied to my course, and is called GIAC Reverse-Engineering Malware (GREM).
About the Author: Lenny Zeltser is a seasoned IT professional with a strong background in information security and business management. His areas of expertise include cloud services and malicious software. Lenny focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how to analyze and combat malware at SANS Institute. Lenny explores security topics at conferences, in books and in articles. He also volunteers as an incident handler at the Internet Storm Center. You should follow Lenny on Twitter and read his daily blog.
Copyright © 1995-2011 Lenny Zeltser. All rights reserved. RSS Feed.
The information on this site does not necessarily represent positions or opinions of my employer.