Malware Analyst (Javascript Threat Researcher)

Responsibilities:
Conduct ongoing research and malware analysis of malicious JavaScript, focusing on Magecart and similar digital skimming threats.

• Monitor compromised websites and third-party scripts to identify indicators of compromise (IOCs) and novel attack patterns.
• Build and maintain tools or scripts to automate the detection and monitoring of suspicious JavaScript behavior.
• Track threat actor groups and their evolving tactics, techniques, and procedures (TTPs).
• Contribute to the enhancement of threat intelligence feeds and the refinement of detection logic.
• Prepare detailed technical reports and threat advisories for both internal teams and external customers.

Minimum Qualifications:

• 3+ years of experience in cybersecurity with a focus on web security or malware analysis.
• Ability to write in Python or other programming languages to support automation and data analysis.
• Strong analytical and problem-solving skills.

Required Qualifications:

• Proficiency with tools such as browser debuggers, proxy tools (e.g., Burp Suite, Fiddler, Wireshark), and threat intelligence platforms (e.g., URLScan, PublicWWW, DomainTools, SecurityTrails, Censys, Validin).
• Familiarity with MITRE ATT&CK framework and IOC enrichment processes.
• Knowledge of content security policy (CSP), subresource integrity (SRI), and browser security models.
• Strong understanding of JavaScript, including obfuscation and deobfuscation techniques.
• Hands-on experience in analyzing Magecart or similar client-side and server-side threats.
• Excellent written and verbal communication skills in English.