Specialist - Technology & Development – Malware Reverse Engineer, Cyber Intelligence Team(EC3)(AD6) - Job not limited to law enforcement candidates

*This selection procedure is intended to establish a reserve list of successful candidates. It is envisaged to start using the reserve list in Q3/Q4 of 2026\.*

*Europol retains the right to make use of the reserve list to select candidates for similar posts within the organisation, should business needs require so.*

The post of Specialist \- Technology \& Development – Malware Reverse Engineer is considered a restricted post that may be filled without limitation to candidates coming from a competent authority, as stipulated in Annex II of the relevant Decision of the Management Board of Europol of 10 December 2025\. The Europol Recruitment Guidelines may be consulted for further details.

1\. Organisational context

Organisational setting:

The post of Specialist \- Technology \& Development – Malware Reverse Engineer is located is located in the Cyber Intelligence Team in the Digital Support Unit, European Cybercrime Centre (EC3\), Operations Directorate.

The Operations Directorate deals with the core business of Europol, improving the effectiveness and cooperation of the competent authorities in the Member States (MS) in preventing and combating serious and organised crime, as well as terrorism affecting the MS. This requires close cooperation with the Liaison Bureaux at Europol and via them with the Operational Teams in the MS.

Europol delivers a number of products and services to national law enforcement agencies to support them in their fight against international serious and organised crime, as well as terrorism.

The Operations Directorate hosts five distinct Departments: Operational and Analysis Centre, European Serious Organised Crime Centre, EC3, European Counter Terrorism Centre and the European Financial and Economic Crime Centre.

EC3 serves as the centre for the MS fight against cybercrime in the European Union (EU), delivering operational and investigative support on complex cybercrime investigations. EC3 also provides support to the EU institutions and MS in building operational and analytical capacity for investigations and cooperation with external partners. EC3 is the collective voice of European cybercrime investigators across law enforcement and the knowledge hub of law enforcement on how to tackle cybercrime.

The Centre comprises of three Units, each with their own area of responsibility.

The Expertise \& Stakeholder Management Unit is responsible for collecting information about new developments and technologies and provides advice on how to efficiently and effectively tackle new phenomena in the field of cybercrime. The Unit is actively involved in coordinating work with external partners such as government entities, private parties, academia and industry partners. Furthermore, the Unit is coordinating and delivering strategic products such as the Internet Organised Crime Threat Assessment (IOCTA). Other areas of responsibility include assessing relevant technology trends, external liaison and stakeholder management including EC3’s advisory groups, developing pan\-European cybercrime offender prevention campaigns, and capacity building activities.

The EC3 Operations Unit is responsible for delivering the operational services to MS of EU and other partners with whom Europol has operational agreements. The Unit consist of five teams: AP Cyborg (cyber\-dependent crime), AP Terminal (payment fraud and on\-line fraud schemes), AP Twins (child sexual exploitation), AP Dark Web (criminal use of anonymization services) and the J\-CAT coordination team (operational support to the Joint Cybercrime Action Taskforce).

Furthermore, the Unit is responsible for the provision of deconfliction within cases, enriching data sets, advising and participating in operational actions and delivering analytical support.

The Digital Support Unit is assisting EC3 Operations and provides horizontal support to other Operations Centres of Europol by delivering intelligence products, facilitating technical assistance in handling large datasets and conducting forensic examination through three dedicated teams: Cyber Intelligence Team (CIT), Forensics Team (FT) and Cryptocurrency Team.

The Cyber Intelligence Team (CIT) provides support in the pre\-processing, enrichment and analysis of large amounts of operational data. CIT liaises with the cybersecurity community and coordinates EU Law Enforcement Emergency Response Protocol against major cross\-border cyber\-attacks.

Purpose of the post:

The jobholder is responsible for malware analysis and reverse engineering, maintaining automated malware analysis solutions and ransomware nexus projects in order to support Europol and its partners in the fight against cyber\-dependant crime.

The jobholder must possess a solid understanding of cyber\-related technologies and internet\-related threats, and is expected to contribute to operational activities by means of, among others, scanning the environment for new technology, identifying abuse of technology, analysing patterns, developing new toolsets and technical solutions for the purpose of supporting investigations and/or protecting digital infrastructure and telecommunication networks.

Reporting lines:

The incumbent reports to the Head of Team Cyber Intelligence/Head of Unit – Digital Support.

Job environment:

This post might require participation in a shift system including weekends and nights as well as on\-call duty.

2\. Functions and duties

The incumbent carries out the following main functions and duties:

• Perform malware analysis and reverse engineering on devices and data with the purpose of malware triage, extraction, analysis, clustering and reporting;


• Conduct static and dynamic malware analysis using specialised tools and software;


• Maintain and enrich threat intelligence platforms as well as malware triage and analysis solutions such as sandboxes;


• Liaise with the competent authorities in EU MS, EU bodies, third countries and organisations in the field of malware analysis and reverse engineering to enhance Europol's ability to exploit criminal intelligence;


• Draft documents and reports independently and in co\-operation with other units;


• Support and contribute to unit projects within the area of malware analysis and reverse engineering;


• Prepare, organise and chair technical meetings, training courses and conferences in this domain, and represent Europol at specialised European and international events related to malware analysis and cyber threat investigation;


• Advise and consult both operational and support teams as a subject matter expert in the area of malware analysis and reverse engineering;


• Study new developments in the area of malware analysis, reverse engineering and threat intelligence;


• Develop or improve methods, techniques, custom tools and scripts used for this domain;


• Participate in stand\-by duty and/or shift work as and when required;


• Perform any other duties in the area of competence as assigned by the line management.

a. Candidates must

• Be a national of one of the Member States of the European Union and enjoy full rights as a citizen;


• Have fulfilled any obligations imposed by the applicable laws on military service;


• Produce appropriate character references as to his or her suitability for the performance of the duties;


• Be physically fit to perform the duties pertaining to the post as further specified in Article 13 of the Conditions of Employment of Other Servants of the European Union (CEOS);


• Produce evidence of a thorough knowledge of one of the languages of the Union and a satisfactory knowledge of another language of the Union to the extent necessary for the performance of the duties.

• A level of education which corresponds to completed university studies of at least three years attested by a diploma;

• Professional training of an equivalent level in a relevant area (e.g.Police Officer’s School) and after having completed the training, at least the number of years of relevant professional experience as indicated below:

More than 6 months and up to 1 year 3 years

More than 1 year and up to 2 years 2 years

More than 2 years 1 year

• In addition to the above at least 3 years of total professional work experience gained after the award of the diploma.

Selection criteria:

a. Professional experience:

Essential

• Experience in performing malware analysis and reverse engineering on devices and data with the purpose of malware triage, extraction, analysis, clustering and reporting;


• Experience in performing static and dynamic malware analysis;


• Experience with coding and analysing in programming languages such as assembly languages, C/C\+\+, Java, JavaScript and/or Python;


• Experience with commercial and open\-source forensic tools such as disassemblers, debuggers, sandboxes, virtual machines, and/or specialized malware analysis platforms;


• Experience in research and development in the area of malware analysis and reverse engineering.

• Law Enforcement work experience at international level;


• Experience in monitoring, logging and clustering cyber threat activity such as campaigns and botnets infrastructure through both open and private sources;


• Experience leveraging Artificial Intelligence (AI) for malware analysis.

Essential:

• In\-depth knowledge of malware analysis and capability of using malware analysis tools such as IDAPro or Ghidra, and OllyDbg;


• Knowledge in building and using Yara rules;


• Knowledge in decoding network traffic in the context of cyber\-attacks;


• Knowledge

Deze vacature komt van indeed. Originele vacature bekijken ↗