Malware Analyst (Tactical CTI)
TECHTRACE PARTNERS
Job Description
Senior Malware Analyst | UK Remote | £60,000 to £80,000 | SC Clearance Eligible

Hands-on malware work at the technical end of CTI. Live samples, often APT-grade. Real reverse engineering, not alert triage with malware in the title.
TechTrace Partners is working with a growing UK cyber security consultancy on a hands-on Malware Analyst hire, sat within their tactical threat intelligence function. You will be working on previously unseen samples, often linked to nation-state activity, producing analysis that goes straight into the detections security teams rely on.

The work
- Static and dynamic analysis of unfamiliar samples: unpacking, deobfuscation, behavioural analysis
- Reverse engineering custom and commodity malware to understand capability, intent, and lineage
- Extracting IOCs, configurations, and C2 infrastructure from samples
- Writing YARA rules and detection logic from your findings, deployed into customer environments
- Short, useful malware reports written for technical readers, not executive summaries
- Linking samples to wider campaigns and threat actor activity in coordination with the wider Threat Operations team

You'll fit if you have
- Demonstrable malware analysis experience, static and dynamic, on advanced or APT-grade samples
- Strong with at least one disassembler (IDA or Ghidra) and a debugger (x64dbg, WinDbg, or similar)
- Sandbox fluency (Cuckoo, Any.Run, Joe Sandbox, CAPE, or in-house equivalents)
- Solid grasp of common malware techniques: packing, code injection, persistence, anti-analysis, C2
- Comfortable scripting in Python for automation and tooling
- Clear, direct written communication
- SC clearance eligible (no sponsorship available)

Bonus points for
- YARA rule writing at scale and detection engineering experience
- CTI framework familiarity (MITRE ATT&CK, Diamond Model, Kill Chain)
- Public research, open-source tooling contributions, or conference talks (BSides, SteelCon, RECon, VB)
- GREM, CRTIA, OSED, or equivalent
- Exposure to nation-state or APT-grade tradecraft (loaders, RATs, implants)

Why malware specialists like this seat
- Sample quality. Live, unfamiliar, often APT-grade. Not the same handful of commodity families.
- Closed loop. Your YARA and detection rules deploy into customer environments and shape what gets caught.
- Protected analysis time. Deep-focus blocks are normal and expected, not a luxury you have to fight for.
- No SOC tier work. This is not a generalist analyst seat with malware bolted on. The CTI as a Service ticket queue is malware and threat actor work, not alert triage.
- Senior IC ownership. Scope your own engagements, bring your own ideas, push back on direction.
- Optional overseas travel (around once a quarter, never mandatory) to deliver capacity building and training to international partners. Nice if you want it, ignored if you don't.
- Room to grow into deeper RE, threat hunting, or research as the consultancy's CTI capability expands.

Process
Three stages: a 30-minute intro with me (Gary at TechTrace), a technical interview focused on real samples and your RE approach, and a final fit conversation with the client.