Malware Reverse Engineer
Location: Remote working - Office based in Reading
Salary: Competitive Salary and Benefits
Career Level: Specialist, Associate Manager or Manager
About Accenture Cyber Threat Intelligence (ACTI)
ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain.
Who You Are
You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team’s awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence.
As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze malware to evaluate sophisticated malicious code to settle malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including dissemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis.
- Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting.
- Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events.
- Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes.
- Improve existing tools that extract known malware family configurations based on reverse engineering results.
- Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes.
- Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations.
- Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies.
- Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems’ self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations.
- Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically.
- Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations.
- Develop decoders to extract malware configurations—including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects—based on reverse engineering results.
- Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code.
- Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects.
- Bachelor’s Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience.
- Experience with malware analysis, reverse engineering, and development.
- Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques.
- Understanding of operating system internals and the Windows API.
- Experience with debuggers, decompilers, and network traffic analysis tools.
- Development experience in Assembly, Python, C, or C++.
- Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.).
- Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA).
- Ability to analyze and unpack obfuscated code.
- Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement.
- Strong problem solving and critical thinking capabilities.
- Two or more years of experience in malware analysis, reverse engineering, and development fields.
- Deep understanding of operating system internals and the Windows API.
- Ability to work with a high degree of independence.
- Ability to collaborate in a team environment to focus on a common goal.
What’s in it for you
At Accenture in addition to a competitive basic salary, you will also have an extensive benefits package which includes 25 days’ vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice!
Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries — powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at www.accenture.com
Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law.
Closing Date for Applications: 30/10/2022
Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
Equal Employment Opportunity Statement
All employment decisions shall be made without regard to age, race, creed, colour, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected applicable law.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
What people are saying about us
"Love love love!
Current Employee - Analyst in London, England.
Pros: Fantastic culture, amazing flexibility, good rewards, varied work/projects, lots of extra-curricular activities/group.
Cons: Salaries competitive but not market leading, work life balance can be questionable at times.More Accenture UK Ratings and Reviews
Life at Accenture
Work where you're inspired to explore your passions and where your talents are nurtured and cultivated. Innovate with leading-edge technologies on some of the coolest projects you can imagine.
Learn More About Accenture
Our more than 600,000 people in more than 120 countries, combine unmatched experience and specialized skills across more than 40 industries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.