Hottest IT Jobs of 2014? Malware Analyst Positions Up 60% YoY

Hottest IT Jobs of 2014? Malware Analyst Positions Up 60% YoY

When my students ask me how their studies at UCSB might transfer into corporate IT positions, I point to the rapid rise in cyber-security — and particularly malware analyst — positions worldwide. In response to increasingly sophisticated, advanced malware that evades detection and the advanced persistent threats that are bombarding organizations, many IT teams are hiring malware researchers to make sense of the deluge.

malware-analyst-career

 

A recent study by online recruitment company RealMatch, which powers a network of job sites for digital publishers called TheJobNetwork, measured a 60 percent increase in malware analyst positions across its network year-over-year from April 2013 to April 2014. In January, Cisco estimated there were more than one million open cyber-security positions worldwide.

Traditional IT security tools are not enough to catch sophisticated malware, and some companies are seeing hundreds of alerts *an hour* from more sensitive malware detection tools, which leads to alert fatigue — as was the case at Target.

Businesses need malware analysts to not only quickly detect and mitigate malware attacks in-progress, they must also reverse engineer the malware itself to determine what damage may have been done, what the intent of the malware creator was and how to prevent future attacks that might leverage similar techniques.

These skills are in high demand, and people who pursue education and experience in this arena can look ahead to bountiful job opportunities, like those noted by Software Advice in a recent post on future careers in cyber-security. In fact, we’re currently hiring an information security analyst and a malware reverse engineer at Lastline – both of which are malware analyst positions, although on the vendor side as opposed to “in-house” at a company or government agency.

Unlike blackhat-turned-whitehat pentesting positions of decades past, where hackers would be hired by banks or retailers to manually hack into their systems to test their defenses, malware analysts must be able to compile and analyze tremendous amounts of real-world, external data on evasive, ever-changing and highly-sophisticated malicious software. They’re not hacking for identifiable holes in a company’s armor. They’re identifying and blocking new types of malware using heuristics, sandboxing, static analysis, machine learning and statistical models.

But how can companies find qualified candidates with the right combination of skills and experience? One way to spot talent is to check out The International Capture the Flag (iCTF) contest, the world’s largest educational hacking competition performed on the Internet (as of 2012). Started in 2001 at UCSB, the iCTF is in its 10th year as an international competition with more than a thousand students involved. Challenges have included simulated application, network and browser compromises, botnet deployments, evading intrusion detection, defusing the firmware of a “bomb” and simulating large-scale money laundering operations (always in a safe environment).

You can also sign up for our online summer IT security educational series with Professor Engin Kirda of Northeastern University, co-founder and chief scientist at Lastline. He’ll be giving condensed video seminars on topics pertaining to evasive malware, advanced persistent threats, zero-day exploits and IT security best practices.

So do you have what it takes to be a malware analyst? Do you want to jump to the frontlines against the rapidly rising global onslaught of malicious code taking over the Internet, corporate networks, mobile applications and even your favorite big box retailer’s POS system? Check for jobs in your area and apply. And if you are looking for an area of study with a promising outlook for landing a job, computer science and cyber-security are where it’s at.

Giovanni Vigna

Giovanni Vigna

Giovanni Vigna is one of the founders and CTO of Lastline as well as a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and mobile phone security. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2011. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. Giovanni Vigna received his M.S. with honors and Ph.D. from Politecnico di Milano, Italy, in 1994 and 1998, respectively. He is a member of IEEE and ACM.
Giovanni Vigna