Adobe logo

Product Security Engineer 3

Adobe
3 hours ago
Full-time
On-site
Bengaluru, India

Malware Security Specialist – Code Signing & Supply Chain Security

 

 Role Description
We are looking for a cybersecurity professional specializing in malware analysis with deep hands-on expertise and a strong security engineering outlook to protect our software supply chain.


This role owns the malware detection, analysis, and validation layer of the code signing pipeline and plays a critical role in preventing malicious or compromised artifacts from being signed and distributed.


You will operate at the intersection of malware research, detection engineering, and secure software delivery, working closely with Product Security, Build/Release, Platform, and Engineering teams to assess risk and strengthen defenses without disrupting delivery.

Key Responsibilities

Core Malware Analysis & Detection (Primary Focus)

  • Perform advanced static and dynamic malware analysis on suspicious binaries to understand full execution behavior and risk.
  • Reverse engineer malicious files using disassembly and debugging to analyze payloads, execution flow, persistence mechanisms, command-and-control behavior, and evasion techniques.
  • Design, author, and maintain high-fidelity detection logic, including YARA rules and custom signatures, for known malware families and emerging threats.
  • Lead malware scan result validation and triage, accurately distinguishing true positives from false positives and driving root cause analysis.
  • Define remediation strategies, detection improvements, and rule tuning to continuously improve signal quality.
  • Track evolving attacker techniques and proactively adapt detection strategies to address new evasion and supply chain abuse patterns.
  • Design and build in-house malware security tooling and automation to improve detection accuracy, triage workflows, and developer feedback loops.
  • Deeply understand how modern security solutions (EDR and malware engines) function internally, including detection logic, behavioural analysis, telemetry pipelines, and response automation.
  • Evaluate and integrate third-party malware scanning technologies where appropriate, balancing coverage, performance, and false-positive impact.
  • Partner with CI/CD and platform teams to ensure malware scanning is cleanly embedded into build and signing workflows.


Code Signing & Supply Chain Security

  • Maintain strong working knowledge of code signing systems, including certificates, trust chains, timestamping, signing policies, and root-of-trust concepts.
  • Analyze signed artifacts and signing metadata to detect anomalies in certificates, issuers, signing patterns, and revocation status.
  • Identify and assess risks related to signed malware, certificate misuse, anomalous signing activity, and potential key compromise.
  • Understand the end-to-end artifact lifecycle (build → sign → distribute) and identify where supply chain threats can be introduced.
  • Contribute to strengthening controls and monitoring across the software supply chain to defend against build system compromise, poisoned dependencies, and signed malware campaigns.
     

Leadership Responsibilities

  • Act as a domain expert for malware and artifact security, advising engineering and release teams on risk and remediation.
  • Lead investigations into malware and supply chain security findings, driving resolution without unnecessary delivery disruption.
  • Clearly communicate technical findings and risk assessments to both technical teams and security leadership.



Required Skills & Experience

Core Malware Expertise ( Specialist)

  • 4-6 years extensive hands-on experience in static and dynamic malware analysis.
  • Strong reverse engineering expertise using tools such as IDA Pro, Ghidra, x64dbg, Radare2, or Binary Ninja.
  • Deep understanding of malware techniques including persistence, obfuscation, evasion, loaders, droppers, and C2 communication.
  • Proven experience authoring and maintaining YARA rules and custom detection signatures at scale.
  • Demonstrated ability to validate malware scan results, manage false positives, and perform deep root cause analysis.
  • Experience operating or owning malware scanning solutions in production environments.


Supply Chain Security

  • Strong supply chain security attitude with understanding of modern software supply chain attacks.
  • Experience reasoning about threats across CI/CD pipelines, build systems, dependencies, and artifact distribution.
  • Familiarity with artifact integrity, provenance, and secure release practices.


Cloud, Automation & Programming

  • Strong automation skills using scripts (Python, Bash, or similar) to improve security workflows.
  • Familiarity with at least one programming language; Java preferred.
  • Experience working in AWS environments, with hands-on exposure to EC2 and EKS and K8s is a bonus


Soft Skills

  • Ability to work with multiple teams and communicate technical findings clearly to both technical and non-technical audiences
  • Strong problem-solving skills and ability to work independently


Nice to Have

  • Experience with malware scanning engines (VirusTotal, YARA-X, custom detection pipelines)
  • Experience handling incidents involving signed malware or compromised certificates
  • Background in product security, red teaming, or threat research
  • Experience with sandbox evasion techniques and anti-analysis methods

 

About Adobe

Adobe empowers everyone to create through innovative platforms and tools that unleash creativity, productivity and personalized customer experiences. Adobe’s industry-leading offerings including Adobe Acrobat Studio, Adobe Express, Adobe Firefly, Creative Cloud, Adobe Experience Platform, Adobe Experience Manager, and GenStudio enable people and businesses to turn ideas into impact, powered by AI and driven by human ingenuity.

Our 30,000+ employees worldwide are creating the future and raising the bar as we drive the next decade of growth. We’re on a mission to hire the very best and believe in creating a company culture where all employees are empowered to make an impact. At Adobe, we believe that great ideas can come from anywhere in the organization. The next big idea could be yours. 


Let’s Adobe together

At Adobe, we believe in creating a company culture where all employees are empowered to make an impact. Learn more about Adobe life, including our values and culture, focus on people, purpose and community, Adobe for All, comprehensive benefits programs, the stories we tell, the customers we serve, and how you can help us advance our mission of empowering everyone to create.

Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other protected characteristic. Learn more.

Adobe aims to make our Careers website and recruiting process accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call +1 408-536-3015. 

AI Use Guidelines for Interviews:
Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work, your application may not move forward in the process.

At Adobe, we empower employees to innovate with AI — and we look for candidates eager to do the same. As part of the hiring experience, we provide clear guidance on where AI is encouraged during the process and where it’s restricted during live interviews. See how we think about AI in the hiring experience.