What makes the role special
About Group-IB:
Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, and citizens, and support law enforcement operations.
Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.
Each of us can help make the world a safer place. Join us!
The role:
Your daily tasks will focus on gathering intelligence through malware reverse engineering: collecting IoCs, describing malware functionality, writing recommendations on preventing and remediating malware infections, developing tools and services to assist in analyzing and hunting for malware, and working with the threat intelligence team to attribute malware, attacks, and campaigns to specific threat actors.
The role involves a broad range of tasks beyond reverse engineering, including contributing to intelligence efforts, assisting in incident response, building tools and services, and writing public blog posts.
Tasks to solve
- Malware analysis for the x86, x86-64, ARM, and ARM64 architectures.
- Malware analysis for the Windows, macOS, Linux, Android, and iOS operating systems.
- Create rules for detecting malware using YARA, Suricata, SIGMA, and proprietary detection systems.
- Develop tools to assist in malware analysis.
- Develop plugins for malware analysis tools such as IDA (or Ghidra), JEB, x64dbg, and others.
- Deploy and configure local sandboxes for dynamic malware analysis.
- Work with third-party platforms such as VirusTotal, URLScan, AnyRun, Shodan, CyberChef, FOFA, etc., as well as proprietary Group-IB tools (MXDR).
- Develop services and modules for existing services that aid in hunting for and detecting malicious software, as well as extracting malware configs.
- Adapt to architecture, operating systems, and programming languages not commonly targeted by malware (IBM, embedded systems, etc.).
This role is perfect for you if
- 5 to 6 years of experience with desktop-centric malware analysis tools such as IDA, Ghidra, DotPeek, DnSpy, or applicable equivalents.
- Knowledge of mobile-centric malware analysis tools such as JEB, or applicable equivalents.
- Familiarity with reverse engineering malware written in a variety of languages such as C++, .NET, Java, Delphi, etc.
- Advanced knowledge of Python 3+.
- Willingness to adapt to the Go programming language.
- Familiarity with writing technical reports and public blogs on analyzed malware.
- Comfortable working in a dynamic environment and remotely.
- Fluency in English – German is a plus.
