Malware Analyst.

A specialist who reverse-engineers malicious binaries — static and dynamic — to extract indicators, characterize capabilities, attribute to threat groups, and produce detection content for SIEM/EDR coverage. Cette notion relève de la catégorie Rôles et carrières en cybersécurité.

A specialist who reverse-engineers malicious binaries — static and dynamic — to extract indicators, characterize capabilities, attribute to threat groups, and produce detection content for SIEM/EDR coverage.

A malware analyst (also called reverse engineer or threat analyst, depending on the org) is the practitioner who takes a captured binary, document, or implant and tears it apart to answer: what does it do, who wrote it, how do we detect and stop it, and what does the broader campaign look like. Workflow typically begins with safe acquisition, then triage in a sandbox (ANY.RUN, Joe Sandbox, Cuckoo/Cape, MalwareBazaar) for behavioural signatures, followed by static analysis with IDA Pro, Ghidra, Binary Ninja, or Cutter for x86/ARM, jadx/dex2jar for Android, Hopper or Ghidra for macOS, dnSpy for .NET, and Hindsight/MSI tooling for installers. Dynamic analysis pairs a debugger (x64dbg, WinDbg, lldb, gdb) with sandboxed live execution. Outputs include YARA rules, Sigma rules, IOCs, attribution clues (PDB strings, language, code reuse), capability matrices, and written reports for CTI consumers. Many malware analysts also operate as 'threat intelligence' or 'threat research' staff, feeding the broader defender community through blog posts, conference talks, and vendor research feeds. Certifications often associated: GIAC GREM, SANS FOR-610, eLearnSecurity eCRE, plus Offensive Security and TCM Security RE courses.

Les défenses contre Malware Analyst combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : Reverse engineer, Threat research analyst.