Apply on Employer Site

Adapt Forward · 15 hours ago

Defensive Cyber Operation Watch Malware Analyst

North Charleston, SC

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. The role of a Tier 3 Defensive Cyber Operations Watch Malware Analyst involves deep analysis and reverse engineering of malicious code, producing actionable intelligence, and leading incident response efforts.

ComputerCyber SecurityNetwork Security

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Analyze and understand the behavior of malware using dynamic and static reverse engineering techniques

Produce comprehensive technical reports documenting malware capabilities, mitigation strategies, and recommended defensive actions

Develop and maintain YARA signatures to identify malware families and variants across enterprise environments at scale

Lead incident response efforts, including analysis, mitigation, and reporting of significant incidents per CJCSM 6510.01B

Manage incident response campaigns by developing strategies, coordinating multi-team efforts, and ensuring comprehensive resolution and reporting

Conduct proactive threat hunting to identify advanced threats and vulnerabilities within the network

Lead purple team exercises to evaluate and enhance detection and response capabilities in collaboration with red and blue teams

Evaluate and refine detection mechanisms, including IDS/IPS signatures and log correlation rules, to improve accuracy and reduce false positives

Perform advanced network and host-based digital forensics on Windows and other operating systems to support incident investigations

Coordinate with reporting agencies and subscriber sites to ensure comprehensive analysis and reporting of significant incidents

Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and other directives

Provide 24/7 support for incident response during non-core hours, and mentor junior analysts

Lead program reviews, product evaluations, and onsite certification evaluations

Overtime may be required to support incident response actions (Surge)

Up to 10% travel may be required, may be international

Must maintain a current US Passport

Qualification

Malware analysisReverse engineeringYARA signaturesIncident responseThreat huntingDigital forensicsProgramming skillsSoft skills

Required

Bachelor's Degree in relevant discipline and 3 years or at least 8 years of experience working in a CSSP, SOC, or similar environment

At least 2 years of hands-on experience performing static and dynamic analysis of malware, using tools such as IDA Pro, Ghidra, x64dbg, Wireshark, or Cuckoo Sandbox to determine malware functionality, indicators of compromise (IOCs), and command and control (C2) infrastructure

At least 1 year of experience in reverse engineering, demonstrated by the ability to read and understand disassembled code (e.g., x86/x64 assembly) and decompile code to identify core logic, evasion techniques, and cryptographic functions used by malicious software

Must be a U.S. Citizen

DoD 8570 IAT Level II and CSSP Incident Responder compliant certifications

Secret Clearance required to start, with ability to obtain TS/SCI

Preferred

Possess comprehensive knowledge of programming skills: including C/C++, Assembly language, Windows APIs, Golang, Rust, exploit development, and related disciplines

Extensive knowledge in the use of decompilers, debuggers and other standard malware analysis tools

Proficiency in writing custom scripts to automate the analysis of malware, such as de-obfuscating strings, extracting embedded configuration data, or parsing malicious network traffic

Advanced knowledge of malware obfuscation, packing, and evasion techniques; to include bypassing anti-analysis controls such as anti-debugging, anti-VM, or custom encryption

Extensive experience creating detection signatures based on reverse engineering findings; such as YARA rules, Snort/Suricata signatures, or other network or host-based detection logic

Possession of an advanced, reverse engineering focused certification, such as GIAC Reverse Engineering Malware (GREM), Offensive Security Exploit Developer (OSED), or equivalent

Expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis

Demonstrated passion for cybersecurity and continuous learning through active participation in Capture the Flag (CTF) events, (e.g., TryHackMe, Hack The Box, etc)

Completion of practical, hands-on cybersecurity training courses or certifications (e.g., Security Blue Team BTL1/BTL2, AntiSyphon training courses, OffSec OSCP)

Benefits

Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.

401k Retirement Plan with Matching Contribution is immediately available and vested.

Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.

Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.

Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.