Malware analysts have become a very important part of cybersecurity, providing important intelligence after an attack. That is why many opportunities are open to those who want to enter the cybersecurity field through this career.
What Is a Malware Analyst
A malware analyst is someone who possesses advanced programming ability and uses it to analyze the different types of malware used in an attack. The malware used by hackers can be classified into a few types, such as:
This is a malware type that can grow inside the system. A virus copies and inserts itself into a program so it can spread from one computer to another and infect the whole system.
This malware disguises itself so that it appears to be legitimate software when it actually is not. That way, people believe they are downloading the genuine thing. But when the download is complete, it starts to infiltrate your system. Typically, this malware spreads through human interaction, for example through file downloads or opening email attachments.
This malware works in a similar way to a virus; however, a worm does not require a human or a host program in order to grow.
- Aside from those main malware types, there are other kinds of malware that can be used, such as rootkits, logic bombs, bots, adware, ransomware and keyloggers.
As an analyst who works with malware, your job is to find out which malware types attacked the company’s system. That way you can find out how the attack was deployed and why it was or was not successful. Then you need to figure out how to defend the system against the attack.
That is why you need the right knowledge to dissect the malware and identify the vulnerability in the company system targeted by the attack. You will also work with other cybersecurity departments to find ways to protect the company’s system against cyber-attacks.
This job has a unique role in cybersecurity, since you need to understand both offensive and defensive techniques as well as various security principles. You also need to possess the right knowledge and skills to work in this job.
There are various companies where you can have a career in this job, such as:
- CERTs, either government CERTs or those in the private sector, which usually belong to big technology enterprises such as Microsoft, Facebook or Google with their own CERTs.
- Companies that provide incident-handling services, such as Mandiant.
- Antivirus companies such as Trend Micro, Kaspersky, Avast, Symantec and many others.
Job Responsibilities and Duties
The exact responsibilities and duties given to you may differ depending on the scale of the company and the team itself. Typically, the responsibilities and duties are as follows:
- Responding to incident reports
- Finding malware infections, then examining the company’s system to find a way to avoid the attack
- Preventing the malware from spreading further
- Recommending and implementing procedures that help the system recover after an attack
- Using analysis tools to examine software and applications for potential vulnerabilities
- Categorizing the malware’s characteristics and threat potential
- Keeping up with the newest malware and updating the company’s software so it can avoid the attack
- Sending alerts to the cybersecurity team to keep them informed
- Documenting all security policies applied
- Finding tools that can be used to identify zero-day cyber-attacks
To work as a malware analyst you need a few basic qualifications that companies usually require, such as:
You need at least a bachelor’s degree in a related field, for example computer science, cybersecurity or computer engineering, to start your career. Being successful in this career means staying ahead of the hackers, so a bachelor’s degree is an important step for entering the industry.
Typically, an advanced degree is not required. However, advanced knowledge and additional training can be beneficial. You might also want to consider getting a master’s degree in one of those fields to stay ahead of the competition.
It is important to keep learning so you stay up to date with the newest malware methods and techniques as well as other cybersecurity knowledge, especially since cybersecurity is a world that continues to evolve. Having the right knowledge can help you predict, analyze and stay ahead of any attack.
That is why it is important to attend conferences, build a network, and earn certifications. Even though there is no standard regarding certification, here are some of the most wanted ones:
- CFCE certification
- Reverse Engineering certification
- GREM certification
- Penetration Tester certification
- Ethical Hacker certification
- ISSP certification
- TS/SCI clearance for those that want to work with the government
If you want to enter this career, it is important to build your work experience. Try to get a job in the technology industry that involves developing and coding. You should also gain experience with software programming and computer programming.
There are a few skills that are crucial if you want to work as a malware analyst. Some of the must-haves are:
- Knowledge of networking security
You need to know the different types of network protocols, be able to use network monitors and tools, be able to analyze pcap files, and know how to obtain whois and domain data.
- Knowledge of operating systems
You need to know important OS internals such as processes, APIs, DLLs, PE headers, EXEs and many others.
- Ability to do digital forensics
You need to know how to do forensics on modified files and memory. You should also know how to use digital forensics tools.
- Ability to analyze malware
You need to have knowledge of assembly language, understand coding, and be able to use various static analysis tools such as IDA Pro and various dynamic tools such as GDB, WinDbg, OllyDbg, and many others.
You should also be able to do behavior analysis to monitor the malware’s behavior, created files, communication ports used and many other activities, using malware analysis tools such as Sysinternals and Cuckoo.
- Knowledge of encryption techniques
You must know various encryption techniques and the encryption algorithms used by malware so you can decrypt them.
- General knowledge of cyber-attacks
You need knowledge of the cyber-attack vectors used by malware, such as shellcode, exploits, and ROP. You also need to know how the malware uses them. You also need knowledge of OWASP and general web attacks.
- Soft skills
Aside from technical skills, you also need a few soft skills if you want to be successful in your career. Some of the soft skills needed are:
- Being able to think outside the box to find the methods malware uses to penetrate the system
- Having strong determination and being resourceful when solving problems
- Having the curiosity to learn something new to keep up with the cybersecurity field
- Having great communication skills to work with other departments
- Critical thinking
- Good work ethic and teamwork attitude
- Be positive
Generally, the career outlook for various types of jobs in the cybersecurity field is very positive, especially since cyber-attacks are becoming more and more common and also more harmful.
Even if you do not hear about cyber-attacks on famous companies, individuals or entities online, no one is actually immune from cyber-attack. That is why demand for malware analysts will continue to grow and will not go away anytime soon. The American BLS even projected that growth for this job can reach up to 33% from 2020 until 2030. This growth is much higher than the American job average, which is only 8%.
This job actually has a competitive advantage compared to other jobs in the cybersecurity field. The reason is that as an analyst you need specific skills in coding and programming languages. You also need to be able to use various tools, which are generally very complex. Thus, this job is considered an experienced-level job and not an entry-level one. That is why you can expect commensurate compensation.
Cybersecurity is a very competitive field by nature, so if you want a career in this field you need to work hard to achieve it. Working as a malware analyst has a lot of advantages, as this job requires a lot of expertise. However, it also means you need to build your expertise if you want to be successful as a malware analyst.
You can start with the basics, but you also need to get the right experience by working in the right field. Having a higher degree is desirable but not necessary. What is important is that you gain more knowledge and hard skills that will increase your potential.