MacPaw is a software company that develops and distributes software for macOS and iOS. Today, we have 20 million active users across all our products, and every 5th Mac on Earth has our product installed.
At MacPaw, we believe humans and technology can reach their greatest potential together.
We gather open-minded people who support each other and aspire to change the world around us, making millions of people’s lives easier with technology.
Our flagship products include CleanMyMac, Setapp, ClearVPN, Moonlock, and more. Now, we’re stepping into an important new stage: launching a product ecosystem with a new AI Mac Assistant - Eney.
Since 2008, MacPaw has been creating complex technology and packaging it into Mac apps everyone can use. And as cyber threats started looming over the Apple ecosystem, they became a special focus of our work, leading to the creation of Moonlock — MacPaw’s dedicated cybersecurity division.
We are looking for a Malware Engineer to join Moonlock — someone detail-oriented, careful, and attentive in their work. This role is a good fit for a technically curious and ambitious person who enjoys deep technical analysis, values accuracy, and likes understanding how things work at a low level.
You will be part of a highly collaborative macOS-focused malware research lab, working closely with teammates, sharing findings, exchanging feedback, and continuously improving our detection pipeline in a fast-evolving threat landscape.
Review new macOS malware samples and analyze their purpose, functionality, and behavior.
Perform static analysis to identify malicious logic, artifacts, and patterns relevant for detection.
Conduct controlled dynamic analysis in an internal sandbox environment to observe runtime behavior.
Capture and document key behavioral indicators, including file system, process, and network activity.
Create basic detection content (e.g., simple YARA rules) under the guidance of the team.
Improve or fine-tune existing signatures based on feedback and new analysis insights.
Collect and structure IoCs derived from analysis results.
Prepare short internal write-ups to share findings, conclusions, and recommended next steps with the team.
English proficiency at an Intermediate level or higher.
Strong experience in reverse engineering, with the ability to analyze macOS binaries using tools such as Ghidra, IDA, Hopper, LLDB, or Frida.
Solid understanding of macOS internals, including Mach-O format, process model, system APIs, persistence mechanisms, code signing, and basic kernel-level concepts.
Hands-on experience with static malware analysis to extract functionality, identify malicious patterns, and support detection development.
Ability to perform controlled dynamic analysis of malware samples and document behavioral indicators.
Proficiency in writing clear and accurate YARA rules and other signature types based on code, metadata, and behavioral artifacts.
Familiarity with common anti-analysis, anti-VM, and anti-debugging techniques and an understanding of how to bypass or interpret them.
Understanding of Threat Intelligence fundamentals and the ability to map malware behavior to known tactics and techniques (e.g., MITRE ATT&CK).
Experience collecting IoCs and transforming analysis results into actionable detection content.
Ability to clearly communicate technical findings to teammates, PMs/EMs, and occasionally support engineering teams.
Strong problem-solving mindset, curiosity, and proactive attitude toward learning new malware families and techniques.
Intermediate scripting skills (Python or similar) for automating analysis tasks and supporting internal tooling.
Experience analyzing advanced macOS malware families, including those using persistence, injection, or stealth techniques.
Familiarity with Objective-C, Swift, C/C++, or assembly-level understanding of macOS calling conventions.
Experience working with macOS sandbox technologies, Endpoint Security Framework, or system-level event tracing tools (e.g., eslogger, fs_usage, instruments).
Steps may differ depending on the position, but this is our usual hiring process.