Oct 2025 – Present · 6 mos

• Creator of The Malware Lab, which delivers live, hands-on malware reverse engineering training that combines structured practice, accountability, and personalized feedback to help analysts strengthen their skills and tackle real-world threats.
• Create and share informative YouTube videos on malware analysis topics (youtube.com/@sonianuj).

Mar 2025 – Mar 2026 · 1 yr

Sep 2024 – Feb 2025 · 5 mos · Remote

• Conducted reverse engineering to inform threat actor profiles, translating low-level malware behavior into actionable threat intelligence.
• Served as a senior technical resource across CTI, DFIR, and Hunt teams, helping position the RE Unit as the internal authority for malware analysis.
• Designed analysis and reporting templates to establish a consistent technical workflow for documenting malware behavior and findings.
• Performed in-depth reverse engineering of malware to determine origin, capabilities, and embedded infrastructure.
• Developed automated Python configuration extractors to decode embedded malware configs and reliably extract IOCs from obfuscated samples.

Mar 2019 – Feb 2024 · 4 yrs 11 mos

• Reverse engineered sophisticated malware using dynamic and static code analysis to deobfuscate content, identify evasion techniques, extract indicators of compromise, and document comprehensive functionality.
• Conducted comparative analysis of malware samples to identify new variants and improve detection models.
• Automated unpacking and deobfuscation in Python with dynamic binary instrumentation and emulation frameworks.
• Developed and led internal technical training to improve the team’s reverse engineering skills.
• Published malware research on the corporate blog (https://blogs.blackberry.com/en/author/anuj-soni).
• Submitted and had abstracts accepted for presentation at security conferences, including BSides Chicago, BSides Philadelphia, and BSides Baltimore.

Jul 2016 – Feb 2019 · 2 yrs 7 mos

• Perform malware research and reverse engineering.

Feb 2012 – Jul 2025 · 13 yrs 5 mos

• Instructor and author of FOR710: Reverse-Engineering Malware: Advanced Code Analysis (https://sans.org/for710)
• Instructor and co-author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (https://sans.org/for610)

Jan 2006 – Jul 2016 · 10 yrs 6 mos

• Detect and respond to sophisticated intrusions across the enterprise.
• Conduct malware analysis and reverse engineering activities.
• Perform forensics analysis and data extraction on various media.
• Execute penetration testing and vulnerability assessments to evaluate weaknesses in network architectures, access control mechanisms, and web applications.
• Develop recommendations to enhance security posture and improve business processes.

Aug 2005 – Dec 2005 · 4 mos