Computer Scientist I

Our Company

Changing the world through digital experiences is what Adobe’s all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences! We’re passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen. 

We’re on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!

Malware Security Specialist – Code Signing & Supply Chain Security

 

 Role Description
We are looking for a cybersecurity professional specializing in malware analysis with deep hands-on expertise and a strong security engineering outlook to protect our software supply chain.

This role owns the malware detection, analysis, and validation layer of the code signing pipeline and plays a critical role in preventing malicious or compromised artifacts from being signed and distributed.

You will operate at the intersection of malware research, detection engineering, and secure software delivery, working closely with Product Security, Build/Release, Platform, and Engineering teams to assess risk and strengthen defenses without disrupting delivery.

Key Responsibilities

Core Malware Analysis & Detection (Primary Focus)

• Perform advanced static and dynamic malware analysis on suspicious binaries to understand full execution behavior and risk.
• Reverse engineer malicious files using disassembly and debugging to analyze payloads, execution flow, persistence mechanisms, command-and-control behavior, and evasion techniques.
• Design, author, and maintain high-fidelity detection logic, including YARA rules and custom signatures, for known malware families and emerging threats.
• Lead malware scan result validation and triage, accurately distinguishing true positives from false positives and driving root cause analysis.
• Define remediation strategies, detection improvements, and rule tuning to continuously improve signal quality.
• Track evolving attacker techniques and proactively adapt detection strategies to address new evasion and supply chain abuse patterns.
• Design and build in-house malware security tooling and automation to improve detection accuracy, triage workflows, and developer feedback loops.
• Deeply understand how modern security solutions (EDR and malware engines) function internally, including detection logic, behavioural analysis, telemetry pipelines, and response automation.
• Evaluate and integrate third-party malware scanning technologies where appropriate, balancing coverage, performance, and false-positive impact.
• Partner with CI/CD and platform teams to ensure malware scanning is cleanly embedded into build and signing workflows.

Code Signing & Supply Chain Security

• Maintain strong working knowledge of code signing systems, including certificates, trust chains, timestamping, signing policies, and root-of-trust concepts.
• Analyze signed artifacts and signing metadata to detect anomalies in certificates, issuers, signing patterns, and revocation status.
• Identify and assess risks related to signed malware, certificate misuse, anomalous signing activity, and potential key compromise.
• Understand the end-to-end artifact lifecycle (build → sign → distribute) and identify where supply chain threats can be introduced.
• Contribute to strengthening controls and monitoring across the software supply chain to defend against build system compromise, poisoned dependencies, and signed malware campaigns.
   

Leadership Responsibilities

• Act as a domain expert for malware and artifact security, advising engineering and release teams on risk and remediation.
• Lead investigations into malware and supply chain security findings, driving resolution without unnecessary delivery disruption.
• Clearly communicate technical findings and risk assessments to both technical teams and security leadership.

Required Skills & Experience

Core Malware Expertise ( Specialist)

• 4-6 years extensive hands-on experience in static and dynamic malware analysis.
• Strong reverse engineering expertise using tools such as IDA Pro, Ghidra, x64dbg, Radare2, or Binary Ninja.
• Deep understanding of malware techniques including persistence, obfuscation, evasion, loaders, droppers, and C2 communication.
• Proven experience authoring and maintaining YARA rules and custom detection signatures at scale.
• Demonstrated ability to validate malware scan results, manage false positives, and perform deep root cause analysis.
• Experience operating or owning malware scanning solutions in production environments.

Supply Chain Security

• Strong supply chain security attitude with understanding of modern software supply chain attacks.
• Experience reasoning about threats across CI/CD pipelines, build systems, dependencies, and artifact distribution.
• Familiarity with artifact integrity, provenance, and secure release practices.

Cloud, Automation & Programming

• Strong automation skills using scripts (Python, Bash, or similar) to improve security workflows.
• Familiarity with at least one programming language; Java preferred.
• Experience working in AWS environments, with hands-on exposure to EC2 and EKS and K8s is a bonus

Soft Skills

• Ability to work with multiple teams and communicate technical findings clearly to both technical and non-technical audiences
• Strong problem-solving skills and ability to work independently

Nice to Have

• Experience with malware scanning engines (VirusTotal, YARA-X, custom detection pipelines)
• Experience handling incidents involving signed malware or compromised certificates
• Background in product security, red teaming, or threat research
• Experience with sandbox evasion techniques and anti-analysis methods

Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more.

Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.