Malware Analyst (Tactical CTI)

Senior Malware Analyst | UK Remote | £60,000 to £80,000 | SC Clearance Eligible

Hands-on malware work at the technical end of CTI. Live samples, often APT-grade. Real reverse engineering, not alert triage with malware in the title.

TechTrace Partners is working with a growing UK cyber security consultancy on a hands-on Malware Analyst hire, sat within their tactical threat intelligence function.

You will be working on previously unseen samples, often linked to nation-state activity, producing analysis that goes straight into the detections security teams rely on.

The work

  • Static and dynamic analysis of unfamiliar samples: unpacking, deobfuscation, behavioural analysis
  • Reverse engineering custom and commodity malware to understand capability, intent, and lineage
  • Extracting IOCs, configurations, and C2 infrastructure from samples
  • Writing YARA rules and detection logic from your findings, deployed into customer environments
  • Short, useful malware reports written for technical readers, not executive summaries
  • Linking samples to wider campaigns and threat actor activity in coordination with the wider Threat Operations team

You'll fit if you have

  • Demonstrable malware analysis experience, static and dynamic, on advanced or APT-grade samples
  • Strong with at least one disassembler (IDA or Ghidra) and a debugger (x64dbg, WinDbg, or similar)
  • Sandbox fluency (Cuckoo, Any.Run, Joe Sandbox, CAPE, or in-house equivalents)
  • Solid grasp of common malware techniques: packing, code injection, persistence, anti-analysis, C2
  • Comfortable scripting in Python for automation and tooling
  • Clear, direct written communication
  • SC clearance eligible (no sponsorship available)

Bonus points for

  • YARA rule writing at scale and detection engineering experience
  • CTI framework familiarity (MITRE ATT&CK, Diamond Model, Kill Chain)
  • Public research, open-source tooling contributions, or conference talks (BSides, SteelCon, RECon, VB)
  • GREM, CRTIA, OSED, or equivalent
  • Exposure to nation-state or APT-grade tradecraft (loaders, RATs, implants)

Why malware specialists like this seat

  • Sample quality. Live, unfamiliar, often APT-grade. Not the same handful of commodity families.
  • Closed loop. Your YARA and detection rules deploy into customer environments and shape what gets caught.
  • Protected analysis time. Deep-focus blocks are normal and expected, not a luxury you have to fight for.
  • No SOC tier work. This is not a generalist analyst seat with malware bolted on. The CTI as a Service ticket queue is malware and threat actor work, not alert triage.
  • Senior IC ownership. Scope your own engagements, bring your own ideas, push back on direction.
  • Optional overseas travel (around once a quarter, never mandatory) to deliver capacity building and training to international partners. Nice if you want it, ignored if you don't.
  • Room to grow into deeper RE, threat hunting, or research as the consultancy's CTI capability expands.

Process

Three stages: a 30-minute intro with me (Gary at TechTrace), a technical interview focused on real samples and your RE approach, and a final fit conversation with the client.

Job Details

Company: TECHTRACE PARTNERS
Location: United Kingdom
Posted: