What is Required to Work in Malware Analysts Jobs?

Continuing the CyberTalents webinar series “What is required to work in cybersecurity jobs?”, our second webinar, “What is required to work in Malware Analysts Jobs?”, was a great success and covered malware analysis jobs in depth.

 

When it comes to malware analysis, one of the best talents to talk about it is Eng. Amr Thabet, a reverse engineer at Tenable and former malware researcher at Symantec. Amr shared with us his experience, career path, and career advice for malware analysis jobs.

 

The webinar wasn’t only useful for those who want to start their career path in malware analyst jobs, but also for those who have been working in the field and want to boost their skills.

 

Before going deep, let’s start with definitions: What does Malware Analysis mean? 

 

It is one of the most important sciences in the cybersecurity field. Malware analysis is the science of reverse engineering or analyzing different malware types such as viruses, worms, trojans, and others in order to understand the impact of the malware, read its binaries and encryption techniques, learn the attackers’ intentions, and determine what can happen if the malware runs on an infected machine: its communications with different websites, its compilation time, the data it steals, and more, Amr explained.

What is the Exact Role of a Malware Analyst?

A malware analyst has a vital role in incident handling, as he can answer questions that no security engineer can answer from the logs, which are:

 

1- Who is behind this attack?

2- How does he penetrate our systems?

3- What’s the attack vector?

4- Can it spread through the network?

5- How much control does this malware give?

6- How much data is exfiltrated?

 
The malware analyst also plays a vital role in stopping national attacks such as ransomware and banking trojans, and in taking down cybercriminals' networks.

Where Can you Work as a Malware Analyst? 

Eng. Amr Thabet mentioned three places where you can find malware analyst jobs:

 

1- Antivirus companies like Symantec, Kaspersky, Trend Micro, and others.

2- CERTs (Computer Emergency Response Teams), whether a government CERT like US-CERT, UK-CERT, Oman-CERT, or Q-CERT, or a private CERT in a big enterprise like Google, Facebook, or Microsoft, which have their own CERTs.

3- Companies that provide incident handling services, like Mandiant for example.

What Skills do You Need to Have to Join Malware Analysts Jobs?

“As with threat intelligence jobs, working in malware analyst jobs requires a set of skills in different cybersecurity fields. You don’t have to gain advanced skills in all of them, but at least you should be an expert in one or two of the topics below,” said Amr. Some of those skills are:

Network Security

You need to understand network protocols (TCP, UDP, DNS, HTTP, HTTPS), how to analyze pcap files, and how to use tools like Wireshark and network monitor, and to learn more about domains, WHOIS data, etc.

Digital Forensics

You need to understand basic memory forensics and modified files. Learning some tools like Volatility and Memoryze is also very beneficial.

Malware Analysis

You need to learn assembly language, especially understanding code, and learn how to use static analysis tools like IDA Pro and dynamic analysis tools like OllyDbg, WinDbg, GDB, etc. You also need behavior analysis, which is monitoring the behavior of the malware (the files it creates, its port communications, and so on) through tools like Cuckoo and Sysinternals.

Encryption Techniques

Most malware is encrypted so you need to understand different encryption algorithms and how to decrypt them.

Operating System Internals

You need to understand topics like Windows internals, processes, threads, APIs, the kernel, DLLs, EXE and PE headers, and so on.

General Knowledge

You need to understand different attack vectors, such as what is meant by exploits, shellcode, and ROP and how they are used, and to know more about web attacks and the OWASP Top 10. You can learn more about web attacks through the webinar “What is required to work in web penetration testing jobs?”.

Important Resources

There are expensive options like: 

- SANS 660 (GIAC Reverse Engineering Malware)

- eLearnSecurity

If you would like some free knowledge, have a look at the resources below:

For Assembly

- Assembly Course (Video Training)

- Assembly tutorials (Very easy to follow)

For Reverse Engineering

- “The Secrets Of Reverse Engineering” by Eldad Eilam: a free reverse engineering book (1078 pages).

- CyberTalents has a variety of different challenges in malware analysis and reverse engineering.

For Malware Analysis

- “Practical Malware Analysis” book

- Published Reports: https://github.com/kbandla/APTnotes

- “Reverse Engineering Malware” by Amanda Rousseau: https://securedorg.github.io/RE101/ and https://securedorg.github.io/RE102/

- Malware Samples Database: https://virusshare.com/ and http://malwr.com (if the sample is shared)

Windows (or any OS) Internals

- “Identifying Malicious Code Through Reverse Engineering” book

- “Windows Internals” by David A. Solomon. This is more a reference than a book.

- PE Header (EXE File) Tutorials

For Exploitation

- Exploit Writing Tutorials

- The Art of win32 Shellcoding

- Exploits Database

For Programming

- Python for Pentesters and Hackers: The training is by the founder of securitytube.net. It is not free, but it is a cheap option ($39 for videos only).

- “Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals”

For Web Attacks

- OWASP Top 10

- “Web Application Hacker's Handbook”

- CyberTalents web challenges are also good for practice.

 

Finally, although there are more jobs in other cybersecurity areas, such as penetration testing, than in malware analysis in general, the number of professionals working as malware analysts is smaller than the number of open jobs. It is a supply and demand issue, where the supply is much less than the demand in malware analyst jobs.

 
