
Windows Malware Reverse Engineer Jobs in California

From misconfigurations to malware defense, Upwind ensures end-to-end, cost-effective cloud ... Windows OS. The group faces complex engineering issues on a daily basis, both solving new ...

With solid programming skills and good coding habits - Familiar with reverse engineering ... malware analysis, etc. Preferred Qualifications - Bachelor or above degree in Computer Science or ...


Fleetwood high end doors & windows; ERP integration Role Overview * We're seeking a hands on Senior ... You'll reverse engineer and stabilize the legacy SnapShot application, design and build modern SQL ...


Host-based analysis of Windows, Linux and Mac operating systems * Examine data collected from a ... GIAC Reverse Engineering Malware (GREM) * GIAC Defending Advanced Threats (GDAT) * GIAC Cyber ...


Windows Malware Reverse Engineer information

What is the difference between Windows Malware Reverse Engineer vs Cybersecurity Analyst?

| Aspect | Windows Malware Reverse Engineer | Cybersecurity Analyst |
| --- | --- | --- |
| Required Credentials | Knowledge of reverse engineering, malware analysis, programming skills, certifications like GREM | Security certifications like CISSP, CEH, or Security+; broader cybersecurity knowledge |
| Work Environment | Specialized labs, malware analysis environments, often in security firms or R&D teams | Security operations centers, corporate IT teams, or government agencies |
| Industry Usage | Primarily in cybersecurity, malware research, threat intelligence | Across industries for threat detection, incident response, and security policy enforcement |

While both roles require cybersecurity knowledge, Windows Malware Reverse Engineers focus on dissecting malicious software to understand its mechanics, whereas Cybersecurity Analysts monitor and respond to security threats across organizations. The roles often overlap in skills but differ in daily tasks and focus areas.

What does a Windows Malware Reverse Engineer do?

A Windows Malware Reverse Engineer analyzes malicious software designed to target Windows operating systems. Their primary tasks include dissecting malware to understand how it works, identifying its behavior and purpose, and determining how it infects systems. They use specialized tools and techniques such as disassemblers, debuggers, and virtual environments to safely analyze and decode malware. The insights gained help develop detection methods, improve cybersecurity defenses, and assist in incident response.

What are some common challenges faced by Windows Malware Reverse Engineers, and how can they be addressed?

Windows Malware Reverse Engineers often face challenges such as dealing with heavily obfuscated code, rapidly evolving malware techniques, and anti-analysis mechanisms designed to thwart reverse engineering efforts. These challenges require staying up-to-date with the latest tools, regularly practicing with new malware samples, and collaborating with peers to share insights. Building a strong foundation in Windows internals, assembly language, and using debuggers or disassemblers like IDA Pro or Ghidra can help overcome these obstacles and improve overall analysis efficiency.

What are the key skills and qualifications needed to thrive as a Windows Malware Reverse Engineer, and why are they important?

To thrive as a Windows Malware Reverse Engineer, you need strong knowledge of Windows internals, assembly programming, and malware analysis techniques, usually backed by a degree in computer science or cybersecurity. Proficiency with tools like IDA Pro, Ghidra, OllyDbg, and familiarity with common malware frameworks and relevant certifications such as GIAC Reverse Engineering Malware (GREM) are typically required. Attention to detail, analytical thinking, and strong problem-solving abilities are essential soft skills for unraveling complex threats. These competencies are crucial for identifying, understanding, and mitigating advanced malware threats that target Windows environments.
Principal Researcher, Botnet & DDoS Threats


A10 Networks, Inc.

San Jose, CA • On-site

$200K - $215K/yr

Full-time

Posted 22 days ago


Job description

Principal Researcher, Botnet & DDoS Threats
The DDoS threat landscape has crossed a threshold. Botnets like Aisuru and Kimwolf, comprising millions of compromised Android TV and IoT devices and capable of attacks exceeding 24 Tbps and 9 billion packets per second, are no longer edge cases. They are the baseline.
Defeating these threats requires more than external observation. It requires deep visibility into how they are built, how they execute on the wire, and what that means for the systems designed to stop them.
This role sits at the intersection of binary exploitation research and real-world defensive impact. You will reverse engineer active IoT botnet malware, translate findings into detection logic and packet-level attack signatures, and work across engineering, product, and research to ensure insights directly improve detection and customer defense.
What you will do
  • Reverse engineer IoT botnet malware families (Mirai lineage, Go-based L7 flooders, multi-architecture binaries) to understand attack behavior at the implementation and network level. You will reconstruct command structures, decode obfuscation, recover control flows from stripped binaries, and build precise models of how attacks manifest on the wire
  • Perform dynamic malware analysis in sandboxed and purpose-built lab environments to validate static analysis and observe runtime behavior
  • Design and contribute to novel detection and mitigation approaches based on malware internals and traffic behavior
  • Collaborate with AI/ML teams to integrate automated analysis into research workflows. This is not passive tool usage: you will actively shape how automation is applied to real malware analysis problems
  • Partner with product engineering to translate research into shipped detection capabilities
  • Lead external-facing research: threat reports, technical blogs, and conference presentations. At principal level, you own the narrative and direction of research output
  • Engage directly with customers in post-incident analysis, architectural guidance, and strategic threat briefings, clearly explaining both attacker behavior and defensive actions
  • Work alongside senior researchers focused on IoT botnets and large-scale DDoS systems, contributing to and benefiting from a deeply technical peer environment

What you need
  • Strong foundation in binary reverse engineering using tools such as Ghidra or IDA, including static analysis across multiple architectures and experience with stripped binaries and compiler-generated code; you should be comfortable working close to raw assembly and control flow, not dependent on tooling abstraction
  • Hands-on experience with dynamic malware analysis in sandbox or isolated lab environments, using runtime observation to validate and extend static findings
  • Working proficiency in Python and Go
  • Strong understanding of network protocols at the implementation level, including the ability to interpret PCAPs and reconstruct protocol behavior
  • Familiarity with DDoS botnet architectures (e.g., Mirai lineage or equivalent), ideally with direct analysis of binaries rather than secondary reporting. Experience tracking variant evolution across malware families is a strong plus
  • Ability to communicate complex technical findings clearly across engineering, product, and customer audiences; at this level, communication quality is a core part of technical impact

Nice to have
  • Experience with high-performance packet processing or mitigation systems at the network and transport layers
  • Experience analyzing Go binaries in depth
  • Exposure to malware source code
  • Experience applying ML-assisted or vector-based approaches to malware classification, clustering, or lineage attribution

Tools & environment
Ghidra (headless + GUI), Capstone, GoReSym • Python 3, Go, Scapy, tshark • Any.run, Joe Sandbox, Cuckoo (or equivalent) • custom detonation lab infrastructure • honeypot infrastructure • MalwareBazaar, VirusTotal • macOS or Linux
AI Use Guidelines for Interviews: Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work, your application may not move forward in the process.
Targeted compensation guideline: $200,000 - $215,000. Compensation will vary based on a number of factors, including market demand for specific skills, role type, job level, and individual qualifications. Final salary offers are determined by considerations including, but not limited to, subject matter expertise, demonstrated skill level, relevant experience, geographic location, education, certifications, and training.
A10 Networks is an equal opportunity employer and a VEVRAA federal subcontractor. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. A10 also complies with all applicable state and local laws governing nondiscrimination in employment.
#LI-AN1 - Hybrid