IT Specialist (Security)

The IT Specialist (Security) serves as a Malware Analyst within the Security Operations Center (SOC). In this role, the incumbent performs advanced analysis of malicious software to determine functionality, execution behavior, persistence mechanisms, and attacker intent. The incumbent provides authoritative technical assessments that inform incident containment, remediation, and recovery efforts and contributes to high-confidence threat actor attribution by identifying unique tools, techniques, and behavioral patterns. Key Duties and Responsibilities include, but are not limited to: Performing advanced static and dynamic analysis of complex malware, including binaries and scripts, to determine functionality, behavior, and malicious intent. Reverse engineering malicious executables, installers, and payloads to identify execution flow, persistence mechanisms, and embedded capabilities. Analyzing malware activity within enterprise and proprietary Judiciary systems to assess operational impact and risk. Examining command-and-control (C2) communications, including protocols, encryption methods, obfuscation, and evasion techniques. Identifying, validating, and documenting indicators of compromise (IOCs) derived from reverse engineering and behavioral analysis. Performing sandboxing and instrumented runtime analysis to observe malware execution and system interactions. Correlating malware artifacts with endpoint telemetry, network traffic, and log data to determine scope of compromise and attacker activity. Supporting forensic examinations of compromised systems to confirm malware presence, persistence, and post-exploitation behavior. Providing expert technical guidance to incident responders on attacker capabilities, risks, and recommended containment and mitigation strategies. Producing detailed technical reports and concise summaries that translate complex malware findings into actionable intelligence. Monitoring and analyzing emerging malware families, tools, and techniques to enhance detection, attribution, and SOC response readiness.