The Citizen Lab at the University of Toronto’s Munk School of Global Affairs is hiring a Security Researcher / Malware Analyst to support our work on threats against civil society.

The Citizen Lab is based at the Munk School of Global Affairs, University of Toronto. We conduct original research on information security that bears on international human rights law and policy. Our research is high-profile, technically rigorous, and regularly generates significant impact on public policy and advocacy.

Key responsibilities: The main project the Security Researcher will work on is analyzing targeted malware attacks against civil society groups. This work will include analyzing Citizen Lab’s internal feeds of malware, as well as interacting with subscription malware and infrastructure analysis services and feeds.  The Security Researcher will regularly work with other researchers at the Citizen Lab and at partner organizations to analyze and attribute sophisticated malware campaigns and collaborate in drafting technical reports and papers. The security researcher will also be encouraged to engage on other Citizen Lab projects such as  security audits of mobile  applications and analysis of Internet filtering and surveillance systems.

Supervisor: The Security Researcher will report directly to the Director of the Citizen Lab.

Required Skills:  Demonstrated experience analyzing malicious x86 and x64 binaries, including packed and obfuscated code, using static and dynamic analysis tools, malware analysis sandbox software (e.g, Cuckoo Sandbox) disassemblers and debuggers (e.g, IDA Pro, Olly Dbg) and network analysis and network spoofing tools.  The successful candidate will have excellent communication skills and ability to explain complicated technical concepts to non technical audiences.

Desired Skills: Familiarity with reversing Android applications and mobile malware, familiarity with document based malware, experience tracking and linking targeted attack campaigns,.

Desirable Attributes: We are seeking applicants with a strong sense of professional discretion and interest in civil society issues

Contact: Interested applicants should send an email with cover letter and resume to with subject line “Security Researcher Application”