Product Security Engineer 3

Malware Security Specialist Code Signing & Supply Chain Security

Role Description
We are looking for a cybersecurity professional specializing in malware analysis with deep hands-on expertise and a strong security engineering outlook to protect our software supply chain.

This role owns the malware detection analysis and validation layerof the code signing pipeline and plays a critical role in preventing malicious or compromised artifacts from being signed and distributed.

You will operate at the intersection of malware research detection engineering and secure software delivery working closely with Product Security Build/Release Platform and Engineering teams to assess risk and strengthen defenses without disrupting delivery.

Key Responsibilities

Core Malware Analysis & Detection (Primary Focus)

• Perform advanced static and dynamic malware analysison suspicious binaries to understand full execution behavior and risk.
• Reverse engineer malicious filesusing disassembly and debugging to analyze payloads execution flow persistence mechanisms command-and-control behavior and evasion techniques.
• Design author and maintain high-fidelity detection logic including YARA rules and custom signatures for known malware families and emerging threats.
• Lead malware scan result validation and triage accurately distinguishing true positives from false positives and driving root cause analysis.
• Define remediation strategies detection improvements and rule tuning to continuously improve signal quality.
• Track evolving attacker techniques and proactively adapt detection strategies to address new evasion and supply chain abuse patterns.
• Design and build in-house malware security tooling and automationto improve detection accuracy triage workflows and developer feedback loops.
• Deeply understand how modern security solutions (EDR and malware engines)function internally including detection logic behavioural analysis telemetry pipelines and response automation.
• Evaluate and integrate third-party malware scanning technologies where appropriate balancing coverage performance and false-positive impact.
• Partner with CI/CD and platform teams to ensure malware scanning is cleanly embedded into build and signing workflows.

Code Signing & Supply Chain Security

• Maintain strong working knowledge of code signing systems including certificates trust chains timestamping signing policies and root-of-trust concepts.
• Analyze signed artifacts and signing metadatato detect anomalies in certificates issuers signing patterns and revocation status.
• Identify and assess risks related to signed malware certificate misuse anomalous signing activity and potential key compromise.
• Understand the end-to-end artifact lifecycle(build sign distribute) and identify where supply chain threats can be introduced.
• Contribute to strengthening controls and monitoring across the software supply chain to defend against build system compromise poisoned dependencies and signed malware campaigns.
  

Leadership Responsibilities

• Act as a domain expert for malware and artifact security advising engineering and release teams on risk and remediation.
• Lead investigations into malware and supply chain security findings driving resolution without unnecessary delivery disruption.
• Clearly communicate technical findings and risk assessments to both technical teams and security leadership.

Required Skills & Experience

Core Malware Expertise ( Specialist)

• 4-6 years extensive hands-on experience in static and dynamic malware analysis.
• Strong reverse engineering expertise using tools such as IDA Pro Ghidra x64dbg Radare2 or Binary Ninja.
• Deep understanding of malware techniques including persistence obfuscation evasion loaders droppers and C2 communication.
• Proven experience authoring and maintaining YARA rules and custom detection signatures at scale.
• Demonstrated ability to validate malware scan results manage false positives and perform deep root cause analysis.
• Experience operating or owning malware scanning solutions in production environments.

Supply Chain Security

• Strong supply chain security attitude with understanding of modern software supply chain attacks.
• Experience reasoning about threats across CI/CD pipelines build systems dependencies and artifact distribution.
• Familiarity with artifact integrity provenance and secure release practices.

Cloud Automation & Programming

• Strong automation skills using scripts (Python Bash or similar) to improve security workflows.
• Familiarity with at least one programming language; Java preferred.
• Experience working in AWS environments with hands-on exposure to EC2 and EKS and K8s is a bonus

Soft Skills

• Ability to work with multiple teams and communicate technical findings clearly to both technical and non-technical audiences
• Strong problem-solving skills and ability to work independently

Nice to Have

• Experience with malware scanning engines (VirusTotal YARA-X custom detection pipelines)
• Experience handling incidents involving signed malware or compromised certificates
• Background in product security red teaming or threat research
• Experience with sandbox evasion techniques and anti-analysis methods

About Adobe

Adobe empowers everyone to create through innovative platforms and tools that unleash creativity productivity and personalized customer experiences. Adobes industry-leading offerings including Adobe Acrobat Studio Adobe Express Adobe Firefly Creative Cloud Adobe Experience Platform Adobe Experience Manager and GenStudio enable people and businesses to turn ideas into impact powered by AI and driven by human ingenuity.

Our 30000 employees worldwide are creating the future and raising the bar as we drive the next decade of growth. Were on a mission to hire the very best and believe in creating a company culture where all employees are empowered to make an impact. At Adobe we believe that great ideas can come from anywhere in the organization. The next big idea could be yours.

Lets Adobe together

At Adobe we believe in creating a company culture where all employees are empowered to make an impact. Learn more about Adobe life including our values and culture focus on people purpose and community Adobe for All comprehensive benefits programs the stories we tell the customers we serve and how you can help us advance our mission of empowering everyone to create.

Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender race or color ethnicity or national origin age disability religion sexual orientation gender identity or expression veteran status or any other protected characteristic. Learn more.

Adobe aims to make our Careers website and recruiting process accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process email or call 1 .

AI Use Guidelines for Interviews:
Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work your application may not move forward in the process.

At Adobe we empower employees to innovate with AI and we look for candidates eager to do the same. As part of the hiring experience we provide clear guidance on where AI is encouraged during the process and where its restricted during live interviews. See how we think about AI in the hiring experience.