Malware Analyst.

A specialist who reverse-engineers malicious binaries — static and dynamic — to extract indicators, characterize capabilities, attribute to threat groups, and produce detection content for SIEM/EDR coverage. サイバーセキュリティの 役割とキャリア カテゴリに属します。

A specialist who reverse-engineers malicious binaries — static and dynamic — to extract indicators, characterize capabilities, attribute to threat groups, and produce detection content for SIEM/EDR coverage.

A malware analyst (also called reverse engineer or threat analyst, depending on the org) is the practitioner who takes a captured binary, document, or implant and tears it apart to answer: what does it do, who wrote it, how do we detect and stop it, and what does the broader campaign look like. Workflow typically begins with safe acquisition, then triage in a sandbox (ANY.RUN, Joe Sandbox, Cuckoo/Cape, MalwareBazaar) for behavioural signatures, followed by static analysis with IDA Pro, Ghidra, Binary Ninja, or Cutter for x86/ARM, jadx/dex2jar for Android, Hopper or Ghidra for macOS, dnSpy for .NET, and Hindsight/MSI tooling for installers. Dynamic analysis pairs a debugger (x64dbg, WinDbg, lldb, gdb) with sandboxed live execution. Outputs include YARA rules, Sigma rules, IOCs, attribution clues (PDB strings, language, code reuse), capability matrices, and written reports for CTI consumers. Many malware analysts also operate as 'threat intelligence' or 'threat research' staff, feeding the broader defender community through blog posts, conference talks, and vendor research feeds. Certifications often associated: GIAC GREM, SANS FOR-610, eLearnSecurity eCRE, plus Offensive Security and TCM Security RE courses.

Malware Analyst に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Reverse engineer, Threat research analyst。