Director, Malware Analysis, Threat Intelligence
Kroll · New York, NY · 2 days ago
On-siteAnalyst$200k–$240k/yrFull-time
About the role
Kroll is seeking an experienced and innovative Malware Analysis Director to build and advance our malware analysis capabilities in support of our global Incident Response (IR), Managed Detection and Response (MDR), and Cyber Threat Intelligence (CTI) practices.
Responsibilities
- Develop and maintain automated malware analysis workflows, tooling, and enrichment capabilities to accelerate incident investigations.
- Perform advanced static and dynamic malware analysis, reverse engineering, and behavioral analysis of malware affecting clients.
- Support global Incident Response engagements through malware triage, root cause analysis, attribution support, and threat actor investigations.
- Research emerging malware families, intrusion techniques, and threat actor tradecraft.
- Author technical research reports, threat intelligence products, blogs, and client advisories.
- Partner with CrowdStrike and BlueVoyant MDR teams to develop malware analysis processes that enhance managed detection and response services.
- Provide technical mentorship and guidance to analysts across CTI, MDR, and Incident Response teams.
- Develop detection opportunities, indicators of compromise (IOCs), and analytical methodologies based on malware findings.
- Collaborate with internal malware analysis practitioners and external industry peers to establish best practices and improve investigative capabilities.
- Evaluate and implement new technologies, sandboxes, automation platforms, and AI-enhanced analytical workflows to improve operational efficiency.
- Contribute to the development of new cyber intelligence and malware-focused service offerings.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field, or equivalent practical experience.
- 5+ years of experience in malware analysis, reverse engineering, digital forensics, incident response, threat intelligence, or a related cybersecurity discipline.
- Strong understanding of Windows internals and common malware execution techniques.
- Experience performing static and dynamic malware analysis in enterprise environments.
- Experience supporting Incident Response investigations involving malware, ransomware, or advanced persistent threats (APTs).
- Strong technical writing skills with the ability to communicate complex findings to both technical and executive audiences.
- Experience creating actionable intelligence products, technical reports, and client deliverables.
- Able to independently conduct research and solve complex technical challenges.
- Strong collaboration and stakeholder engagement skills.
Preferred Technical Skills
- Malware Analysis & Reverse Engineering
- Proficiency with: IDA Pro, Ghidra, Rust, x64dbg, WinDbg, Binary Ninja, Cutter/Rizin
- Experience analyzing: Ransomware, Loaders and downloaders, Info-stealers, Banking trojans, Linux malware, Web shells, Nation-state malware, Advanced persistent threat toolsets
- Programming & Automation
- Strong scripting and development skills in: Python, PowerShell, C#, JavaScript, Go (preferred)
- Experience building automated analysis pipelines and malware triage workflows
- Familiarity with API integrations and workflow orchestration
- Threat Intelligence & Detection
- Knowledge of: MITRE ATT&CK, YARA, Sigma, STIX/TAXII, IOC management
- Experience creating: Detection content, YARA rules, Behavioral signatures, Threat hunting methodologies
- Security Platforms
- Experience working with: CrowdStrike Falcon, Microsoft Defender, SentinelOne, OneBlueVoyant MDR, Splunk, Microsoft Sentinel, Elastic, Mandiant Advantage or similar threat intelligence platforms
- Cloud & Enterprise Technologies
- Familiarity with: AWS, Azure, Google Cloud Platform, Active Directory, Entra ID, Microsoft 365, Enterprise network architectures
- Relevant CrowdStrike certifications