Senior Malware Analyst | UK Remote | £60,000 to £80,000 | SC Clearance Eligible
Hands-on malware work at the technical end of CTI. Live samples, often APT-grade. Real reverse engineering, not alert triage with malware in the title.
TechTrace Partners is working with a growing UK cyber security consultancy on a hands-on Malware Analyst hire, sat within their tactical threat intelligence function.
You will be working on previously unseen samples, often linked to nation-state activity, producing analysis that goes straight into the detections security teams rely on.
The work
* Static and dynamic analysis of unfamiliar samples: unpacking, deobfuscation, behavioural analysis
* Reverse engineering custom and commodity malware to understand capability, intent, and lineage
* Extracting IOCs, configurations, and C2 infrastructure from samples
* Writing YARA rules and detection logic from your findings, deployed into customer environments
* Short, useful malware reports written for technical readers, not executive summaries
* Linking samples to broader campaigns and threat actor activity, in coordination with the wider Threat Operations team
You'll fit if you have
* Demonstrable malware analysis experience, static and dynamic, on advanced or APT-grade samples
* Strong with at least one disassembler (IDA or Ghidra) and a debugger (x64dbg, WinDbg, or similar)
* Sandbox fluency (Cuckoo, Any.Run, Joe Sandbox, CAPE, or in-house equivalents)
* Solid grasp of common malware techniques: packing, code injection, persistence, anti-analysis, C2
* Comfortable scripting in Python for automation and tooling
* Clear, direct written communication
* SC clearance eligible (no sponsorship available)
Bonus points for
* YARA rule writing at scale and detection engineering experience
* CTI framework familiarity (MITRE ATT&CK, Diamond Model, Kill Chain)
* Public research, open-source tooling contributions, or conference talks (BSides, SteelCon, RECon, VB)
* GREM, CRTIA, OSED, or equivalent
* Exposure to nation-state or APT-grade tradecraft (loaders, RATs, implants)
Why malware specialists like this seat
* Sample quality. Live, unfamiliar, often APT-grade. Not the same handful of commodity families.
* Closed loop. Your YARA and detection rules deploy into customer environments and shape what gets caught.
* Protected analysis time. Deep-focus blocks are normal and expected, not a luxury you have to fight for.
* No SOC tier work. This is not a generalist analyst seat with malware bolted on. The CTI as a Service ticket queue is malware and threat actor work, not alert triage.
* Senior IC ownership. Scope your own engagements, bring your own ideas, push back on direction.
* Optional overseas travel (around once a quarter, never mandatory) to deliver capacity building and training to international partners. Nice if you want it, ignored if you don't.
* Room to grow into deeper RE, threat hunting, or research as the consultancy's CTI capability expands.
Process
Three stages: a 30-minute intro with me (Gary at TechTrace), a technical interview focused on real samples and your RE approach, and a final fit conversation with the client.