Senior Security Analyst

Job Description

Job Description

Salary:

The Media Trust is hiring a Senior Security Analyst, AdTech Threat Detection to join our Digital Security and Operations team to lead investigations into malicious behavior within the programmatic advertising ecosystem. This role requires deep technical expertise in malware analysis particularly JavaScript-based threats, OSINT research, and the ability to trace malicious infrastructure from domains and network calls made by adtags and third-party code.

The ideal candidate will help expand our threat detection capabilities, develop scalable detection techniques, and collaborate cross-functionally to ensure the digital supply chain remains clean and secure. Your work will directly contribute to protecting users and partners from evolving malvertising campaigns.

Key Responsibilities

• Perform in-depth analysis of malicious JavaScript, third-party code, and adtag behavior to detect and characterize threats.
• Investigate network calls made by adtags to uncover suspicious or malicious domains through OSINT and threat intelligence techniques.
• Conduct static and dynamic analysis of malware artifacts, especially those affecting browsers and ad delivery chains.
• Research threat actor TTPs and track malvertising infrastructure across campaigns.
• Develop Regex signature rules, indicators of compromise (IOCs), and detection logic to proactively identify and flag threats.
• Document investigation findings in detailed reports including TTP mapping to the MITRE ATT&CK framework.
• Collaborate with developers, operations, and analysts to enhance the security of the ad delivery process.
• Continuously improve processes by developing scripts and tools to automate investigation, enrichment, and detection.
• Effectively communicate highly technical information to clients and management.
• Mentor junior analysts and provide technical leadership on threat research methodologies.

Required Qualifications

• Bachelors degree in Computer Science, Information Security, Cybersecurity or related field (or equivalent experience).
• 5+ years of experience in malware analysis, threat detection, or incident response.
• Expertise in JavaScript deobfuscation, browser-based malware, and dynamic execution tracing.
• Strong OSINT skills for domain/IP investigation and infrastructure mapping.
• Proficient in scripting languages such as Python or Bash to automate tasks.
• Familiarity with analyzing malicious behavior in the context of adtech and supply chain compromises.
• Experience with MITRE ATT&CK mapping, Regex, YARA, and detection rule development.
• Ability to implement automation scripts to improve efficiency where applicable
• Excellent analytical, writing, and communication skills for both technical and executive audiences.

Preferred Qualifications

• Familiarity with ad serving platforms, RTB (real-time bidding), and SSP/DSP interactions.
• Understanding of client-side web technologies and attack vectors (DOM-based XSS, JS injection, etc.).
• Experience with analyzing mobile-specific ad malware and SDK-based threats.
• Knowledge of threat intelligence platforms (e.g., VirusTotal, HybridAnalysis, PassiveTotal).
• Experience with browser automation frameworks (e.g., Puppeteer, Selenium) for dynamic analysis.