Pursuing a career in Malware Analysis

There's surely a lot of relationship between Software Quality and Testing and malware analysis. The basic principles of looking into how something works, testing out its boundaries of operation, and delving into the extent of its functions are common to both. That being said, it would also depend on the type of software you are looking for.

I know of several people who left college and went out into the 'malware' (perhaps not that specific... but general computer protection/analysis) field straight out of college, so that is a possibility too.

If you want a leg up, look into colleges that offer Information Assurance, or Computer Forensics degrees. (Perhaps a master's program).


You might want to look into the excellent article How to Get Started With Malware Analysis by Lenny Zeltser on SANS. It was written in 2010 but is still relevant today. It covers the articles, books, forums, blogs and courses that one could follow to become a malware analyst.

As mentioned in other answers, you also need to be fundamentally good at x86, C/C++, and Assembly.

I would suggest a self-paced course like eLearnSecurity Advanced Reverse Engineering of Software.

Later on, when you've got more hands-on experience, other courses I would recommend are:

(Google these, my reputation level does not allow me to post more than 2 links in my answer)

  • InfoSec Institute Reverse Engineering Training
  • MANDIANT Introduction to Malware Analysis
  • MANDIANT Customized Malware Analysis
  • MANDIANT Intermediate Malware Analysis
  • MANDIANT Advanced Malware Analysis
  • InfoSec Institute Advanced Reverse Engineering Malware

This question has been answered, but others may benefit from hearing all sides of this.

I'm a security analyst who does malware incident response for a giant company. Most of these answers seem to lead you down the path of reverse engineering new threats and developing signatures or other inoculations, but I ask you to clarify your question; you may be more interested in what I do.

In my case I get alerts from various sources (AV alerts, in-house tools for process tracking, tier 1 support requests, etc.) and use remote forensic toolsets to gather artifacts from the system and, in conjunction with leveraging network and proxy logs, determine if a system has been compromised. The goal is finding "IOC" (indicators of compromise), such as executed process hashes lighting up VirusTotal.com, finding custom shim databases in the USN Journal installed by a dropper, detecting WMI persistence modules, and on and on. Part of the job is keeping up with all the new techniques and knowing what to look out for, honing your craft.

In this case you don't need any skills in programming (C/C++, ASM, etc.), nor do you necessarily need many/any certifications. The foundation for this field of work is:

  • Knowing systems; get some experience doing tier 1 support or system/network admin at a small or medium business. The requirements for obtaining that job are significantly lower than what I'm listing here, especially with your CS degree.
  • Having a curious, paranoid, and analytical mind
  • Being aware of networking, security principles, and a feel of the popular free or open source tools like Nessus and Wireshark. There is no need to "already be an expert" as you say... the field of malware analysis is evolving too much for that, you just have to be adaptable yourself and keep pace as best you can.

I might be totally off-base, and you would rather disassemble code to develop signatures while working at an antivirus company, but I hope this opens your eyes to the other possibilities you have open to you.
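To make the IOC-driven workflow described in this answer concrete, here is an added example (written for this page, not code from the answer's author or any product it mentions). It takes constructed endpoint process-execution records and constructed WMI event-subscription records, matches the process hashes against a constructed list of known-bad SHA-256 values, and flags permanent WMI consumers that launch a script interpreter. The log line format, the field names, the hash values and the subscription records are all assumptions made for the example; a real engagement would feed in hashes from VirusTotal lookups or prior incidents and records exported by whatever remote forensic toolset is in use.

```python
"""Triage helpers for an IOC-driven malware incident-response workflow.

Added example: the log format, hashes and WMI records below are constructed
placeholders, not artifacts from a real system or a real intel feed.
"""

import re
from typing import Dict, List

# Constructed IOC feed. In practice these come from VirusTotal lookups,
# vendor intel or earlier incidents; the values here are placeholders.
KNOWN_BAD_SHA256: Dict[str, str] = {
    "a" * 64: "placeholder: dropper seen in an earlier incident",
    "b" * 64: "placeholder: credential stealer",
}

# Constructed process-execution log from a hypothetical endpoint agent.
# One record per line: <timestamp> host=<name> pid=<n> image=<path> sha256=<hex>
PROCESS_LOG = """\
2024-01-05T09:12:01Z host=ws-0142 pid=4120 image=C:\\Windows\\explorer.exe sha256={ok}
2024-01-05T09:14:33Z host=ws-0142 pid=5532 image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice.exe sha256={bad}
2024-01-05T09:14:40Z host=ws-0077 pid=988 image=C:\\Windows\\System32\\svchost.exe sha256={ok2}
""".format(ok="c" * 64, bad="a" * 64, ok2="d" * 64)

PROCESS_LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) "
    r"image=(?P<image>.+?) sha256=(?P<sha256>[0-9a-fA-F]{64})$"
)


def match_process_hashes(log_text: str,
                         iocs: Dict[str, str] = KNOWN_BAD_SHA256) -> List[dict]:
    """Return one finding per process whose SHA-256 appears in the IOC set."""
    findings = []
    for line in log_text.splitlines():
        m = PROCESS_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the triage
        digest = m.group("sha256").lower()
        if digest in iocs:
            findings.append({
                "host": m.group("host"),
                "pid": int(m.group("pid")),
                "image": m.group("image"),
                "sha256": digest,
                "reason": iocs[digest],
            })
    return findings


# Constructed WMI subscription records, as an agent might export them from
# the root\subscription namespace after joining each __FilterToConsumerBinding
# with its filter and consumer. Names and commands are placeholders.
WMI_SUBSCRIPTIONS: List[dict] = [
    {"host": "ws-0142", "filter": "filter-example-1",
     "consumer_type": "CommandLineEventConsumer",
     "command": "powershell.exe -w hidden -enc AAAA"},          # constructed
    {"host": "ws-0077", "filter": "filter-example-2",
     "consumer_type": "ActiveScriptEventConsumer",
     "command": "wscript.exe C:\\ProgramData\\update.vbs"},      # constructed
    {"host": "ws-0099", "filter": "filter-example-3",
     "consumer_type": "NTEventLogEventConsumer",
     "command": ""},                                             # benign style
]

# Script hosts whose presence in a permanent event consumer warrants a look.
INTERPRETERS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "cmd.exe")


def flag_wmi_persistence(subscriptions: List[dict]) -> List[dict]:
    """Flag permanent WMI event consumers that run a command or script.

    Event-log style consumers are common on healthy systems, so the heuristic
    keys on consumer type plus an interpreter in the command line. Flagged
    entries are leads for the analyst to verify, not verdicts.
    """
    suspicious_types = ("CommandLineEventConsumer", "ActiveScriptEventConsumer")
    flagged = []
    for sub in subscriptions:
        if sub.get("consumer_type") not in suspicious_types:
            continue
        command = sub.get("command", "").lower()
        if any(token in command for token in INTERPRETERS):
            flagged.append(sub)
    return flagged


if __name__ == "__main__":
    for hit in match_process_hashes(PROCESS_LOG):
        print("IOC hash match:", hit)
    for sub in flag_wmi_persistence(WMI_SUBSCRIPTIONS):
        print("WMI persistence lead:", sub["host"], sub["consumer_type"], sub["command"])
```

Both functions return plain dictionaries so the results can be fed straight into a ticket, a timeline, or a follow-up artifact collection on the affected hosts; the hash match is the high-confidence signal, while the WMI check is deliberately a heuristic that surfaces leads for the analyst to confirm against the rest of the evidence.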

Tags: Malware, Career