Job Information
IBM X-Force Malware Reverse Engineer in Manchester, United Kingdom
Introduction
The IBM X-Force Threat Intelligence (XFTI) team provides expert malware and threat analysis to customers globally. As a Malware Reverse Engineer, you will deliver in-depth technical analysis and research, producing actionable threat intelligence that helps organizations detect, understand, and defend against advanced and emerging cyber threats.
Your role and responsibilities
IBM X-Force Threat Intelligence is looking for a Malware Reverse Engineer. This role requires the candidate to provide expert technical analytical support and advanced malware analysis to the X-Force Threat Intel and Incident Response teams. You will perform in-depth, hands-on reverse engineering of malicious software across various platforms, documenting command-and-control functionality, communication protocols, encryption mechanisms, persistence techniques, and exploit vectors.
The candidate will provide expert malware analysis for advanced cyber threat incidents and research support across several security domains within a growing security delivery organization at IBM. The reverse engineer will work with IBM X-Force Incident Response teams to triage cyber threat activity, and will combine X-Force's proprietary telemetry, open-source intelligence (OSINT), and other sources within IBM to build threat models and intelligence research. This includes proactively deriving and validating Indicators of Compromise (IOCs) from in-depth analysis of incident data and malware, and contributing to incident response efforts with timely, actionable findings and recommendations. You will also develop targeted automation scripts, primarily in Python, to assist with malware unpacking, configuration extraction, data parsing, IOC identification, and analysis workflow efficiency.
Required technical and professional expertise
Advanced Malware Reverse Engineering: Minimum 5 years of experience in malware reverse engineering and demonstrated expert-level proficiency in advanced malware analysis techniques. This includes manual and automated unpacking of packed/obfuscated executables, rootkit analysis, dissecting complex exploit chains, bypassing sophisticated anti-analysis/evasion mechanisms, and reconstructing malware logic from highly optimized assembly code.
Programming & Scripting Expertise: Expertise in at least one high-level programming language (e.g., Python, C, C++, Go) for developing analysis tools, automating tasks, scripting debuggers, and parsing complex data structures (e.g., malware configuration blocks, network protocols, cryptographic key values).
Debugging & Disassembly Tools: Extensive hands-on experience with industry-standard debugging and disassembly tools (e.g., IDA Pro, Ghidra, x64dbg, WinDbg, GDB) for static and dynamic malware analysis, including advanced debugging techniques, scriptable breakpoints, and the analysis of process injection and API hooking.
Assembly Language Proficiency: Deep, demonstrable expertise in assembly language (x86/x64/ARM/ARM64) and processor architectures, with the ability to swiftly comprehend low-level code, decipher malware behavior, and identify vulnerabilities or exploit mechanisms.
Signature Development: Proven ability to develop high-fidelity signatures and rules for threat detection and research, including YARA rules, network-based signatures (e.g., Snort/Suricata), and behavioral indicators, to effectively identify and track malware families and activities.
Preferred technical and professional experience
Malware Platform Breadth: Experience analyzing a wide range of malware file types, including Windows PE, ELF (Linux), macOS binaries, and mobile platforms (Android/iOS).
Forensic Artifact Analysis: Proficient in analyzing diverse forensic artifacts, including file system data, system logs, network packet captures, registry hives, and memory dumps, to reconstruct infection chains and malware activity.
Malicious Document Analysis: Experience with analyzing malicious documents (e.g., Office macros, PDF exploits) and understanding associated exploitation techniques.
Operating System Internals: Deep working knowledge of various Operating Systems (Windows internals, macOS, Linux) and processor architectures (x86, x64, ARM, ARM64) relevant to malware execution.
Threat Intelligence Collaboration: Experience supporting incident response partners, managed security, or threat intelligence teams, and clearly and concisely presenting complex malware analysis findings through high-quality written reports and oral briefings for diverse technical and non-technical audiences.
Automated Sandbox Familiarity: Familiarity with automated sandbox technologies for dynamic malware analysis (e.g., Cuckoo Sandbox, VMRay, Any.Run).
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.