Job Application for Principal Cybersecurity Researcher (Reverse Engineering) at Recorded Future

Back to jobs

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

Reversing Emulation and Testing (RET) is a core function of Insikt Group’s Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical capabilities within Insikt Group.

You will guide and shape technical research into state-sponsored and cybercriminal malware, collaborating across functional intelligence teams to support finished intelligence reporting and platform enrichment. Your responsibilities will include not only conducting advanced malware reverse engineering and infrastructure emulation but also designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling.

This position entails representing Insikt Group’s technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts.

Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group’s intelligence production.

As a principal researcher, you will be expected to operate autonomously across a broad spectrum of malware and threat actor behaviors with little to no subject-matter gaps, providing leadership across both technical execution and strategic vision. Demonstrated experience in designing, executing, and publishing original threat research is required.

What You’ll Do:

Collaborate with highly skilled analysts with expertise across many cybersecurity and threat intelligence groups
Reverse engineer malware, including APT tools and Crimeware
Drive technical research direction and develop tooling to advance malware analysis workflows.
Represent technical expertise in customer briefings, industry presentations, and internal advisory discussions.
Operate autonomously across all aspects of malware analysis and reverse engineering, mentor senior analysts, and drive the development of new research capabilities without subject-matter limitations.
Track and analyze the development of red team tooling
Develop network and host-based detection rules (YARA, Snort, and Sigma) to detect APT and cybercriminal campaigns in line with Insikt’s research goals
Develop analysis and extraction tooling for malicious artifacts
Develop emulation capabilities to track malicious campaigns and networks
Develop tools and methods to identify commodity and custom malware using retro hunting and advanced detection techniques
Support other threat intelligence analysts by analyzing malware from advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting
Publish research on novel threats
Stay on top of developments within the malware and malware analysis landscape, tracking key developments by following publications, blogs, and mailing lists
Scope, author, review, and deliver finished intelligence reports that address customers’ priority intelligence requirements (PIRs) across various cyber threat activity topics

What You’ll Bring (Required):

Experience with static and dynamic malware analysis of Windows binaries using tools such as IDA Pro, Ghidra, Binary Ninja, Windbg, x64dbg, dnSpy, and Wireshark
Experience writing network and endpoint signature detections using YARA, Sigma, and Snort rules
Experience scripting in Python, Go, PowerShell, or Bash
Knowledge of Windows operating system internals and the Windows API
Knowledge of TCP/IP and other networking protocols
Ability to convey complex technical and non-technical concepts in verbal products and excellent writing skills
Proficiency in conducting threat hunting, malware analysis, and reverse engineering for Windows, macOS, or Linux

Highly Desirable Skills/Experience (not required):

BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field
7+ years of experience in static and dynamic malware analysis
7+ years of experience in network analysis tools
Programming experience in C, C++, or Java
Experience with mobile malware analysis
Experience with multiple architectures (x86, ARM, MIPS, etc)
Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques, or cryptography
Experience managing small projects and processes
Experience working and communicating directly with customers

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Want more info?
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Linkedin, Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com

Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.

Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Recorded Future does not administer a lie detector test as a condition of employment or continued employment. This is in compliance with the law of the Commonwealth of Massachusetts, and in alignment with our hiring practices across all jurisdictions.

Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.

Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.

Create a Job Alert

Interested in building your career at Recorded Future? Get future opportunities sent straight to your email.

First Name

Last Name

Phone

Location (City)

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

How did you hear about this job?

LinkedIn Profile

Recorded Future – Candidate Privacy Notice EMEA *

Acknowledged

This candidate privacy notice explains who we are, why and how we process personal data relating to candidates and, if you are the subject of any of the personal data concerned, your rights and our contact details if you want further information or help.
When you apply for a job on www.recordedfuture.com the personal data contained in your application will be collected and processed by Recorded Future, Inc. (“we, us, our”). For the purposes of European Economic Area data protection law, (the "Data Protection Law"), the data controller is: Recorded Future, Inc., 363 Highland Avenue, Somerville, MA 02144, recruiting@recordedfuture.com ("Controller"). Our data protection officer is Frederic Wolens, who can be contacted at privacy@recordedfuture.com

PRIVACY NOTICE FOR APPLICANTS / CANDIDATES

RECORDED FUTURE AB

1. What is the purpose of this document?
Recorded Future AB ("we" or the "Company") is a "data controller". This means that the Company is responsible for deciding how we hold and use personal data about you. You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must
be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
2. Data protection principles
We will comply with data protection law and principles, which means that your data will be:
• used lawfully, fairly and in a transparent way;
• collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• relevant to the purposes we have told you about and limited only to those purposes;
• accurate and kept up to date;
• kept only as long as necessary for the purposes we have told you about; and
• kept securely.
3. The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of personal data about you:
• the information you have provided to us in your CV and covering letter;
• the information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, and any other requested information;
• any information you provide to us during an interview; and
• any other information included as part of the application process.
We may also collect, store and use the following "special categories" of more sensitive personal data:
• information about criminal convictions and offences if a background check is
conducted
4. How is your personal data collected?
We collect personal data about candidates from the following sources:
• you, the candidate;
• if applicable, the recruitment agency
• CSI, our background check provider, from which we collect the following categories of data:
• Address History;
• Information about Criminal Convictions and Offences;
• Educational Attainment;
• Employment History;
• Government ID Verification; and
• Litigation History
5. How we will use information about you
We will use the personal data we collect about you to:
• assess your skills, qualifications, and suitability for the role;
• carry out background and reference checks, where applicable;
• communicate with you about the recruitment process;
• keep records related to our hiring processes; and
• comply with legal or regulatory requirements.
It is in our legitimate interests to decide whether to appoint you since it would be beneficial to our business to appoint a suitable candidate to that role. We also need to process your personal data to decide whether to enter into a contract of employment or engagement with you.
Having received your CV and covering letter and/or your application form, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references before confirming your
appointment.
6. If you fail to provide personal data
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a background check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
7. Information about criminal convictions
We envisage that we will process information about criminal convictions for your role. We will collect information about your criminal convictions history if we would like to offer you the role (conditional on checks and any other conditions, such as references, being satisfactory). We carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the
role. In particular:
• It is contractually required by many of our customers to perform background checks on our employees;
• It is required by both security certification organizations SOC 2 Type 2 and ISO 27001, to which we subscribe; and
• The role for which you have applied requires a high degree of trust and integrity since it may involve dealing with a number of sensitive public sector contracts, which necessitate increased due diligence with our employees and so we would like to ask you to seek a basic disclosure of your criminal records history.
8. Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
9. Recipients of your personal data
We may disclose your personal data to members of our HR, Finance and Legal teams, the relevant team managers in respect of the role you are applying for in order to take hiring decisions.
It may be necessary from time to time for us to disclose your personal data to third parties or agents, including without limitation to the following:
• third parties or agents of clients to assist in the administration, processing and management of certain activities pertaining to prospective employees including external reference agencies (such as employee vetting and screening agencies) and travel and expense management service providers;
• individuals or companies employed by the Company to carry out specific services, functions or consultancy work and other financial institutions;
• relatives or legal representatives of prospective employees, or individuals that may serve as references for such prospective employees;

• regulatory bodies to whom we are obliged or required to disclose information including Workplace Relations Commission, Courts and Court-appointed persons;
• relevant Government departments and agencies; and
• other support service providers necessary to support the organisation in the services listed.
Why might you share my personal data with third parties?
We will only share your personal data with the following third parties for the purposes of processing your application. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. Transfer of personal data outside the EEA
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing your personal data. Due to the global nature of our business, your personal data may be disclosed to members of our group outside the EEA, including in particular in the USA. We will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data.
11. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
12. How long will you use my information for?
Successful applicants
If your application for employment or engagement is successful, personal data gathered during the recruitment process will be transferred to our HR management system and retained during your employment in accordance with our staff privacy and retention policies.
Unsuccessful applicants
If your application for employment or engagement is unsuccessful, we will hold your data on file for 2 years after the end of the relevant recruitment process to the extent necessary to enable the Company to comply with any legal obligations or for the exercise or defence of legal claims (subject to any applicable legal or regulatory obligations to retain such information for a longer period).
Where your details have been provided to us by a recruitment agency we will retain limited personal data relating to you in order to ensure that the Company is aware of its legal obligations to that agency in the event that you are considered for employment in the future.
At the end of that period (or if you withdraw your consent prior to this) we will securely destroy your personal data in accordance with applicable laws and regulations.
In the event that any court actions or other legal proceedings are pending or impending, personal data will be deleted after termination of the court action or legal proceeding as appropriate.
13. Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the HR team by email at this address privacy@recordedfuture.com
14. Candidate Responsibilities
You should use all reasonable endeavours to keep us informed of any changes to your personal and special personal data. If you become aware of a data breach or a potential data breach in respect of personal data please report the matter immediately to the Legal Department by email at the following address: security@recordedfuture.com
15. Complaints
You have the right to lodge a complaint with the UK's Information Commissioner's Office if you are unhappy with how your personal data is being handled.
16. Further Information
If you require any further clarification regarding this privacy notice, please contact the Company's HR Team by email at this address privacy@recordedfuture.com

I acknowledge that I have seen and understood the above notice

Do you have experience working on our platform?

Select...

Do you have valid Right to Work in the UK?

Select...

Do you require Visa support or Sponsorship to work in the UK?

Select...

Do you have a close personal relationship with a current Mastercard or Recorded Future employee?

If No, enter "N/A". If Yes please provide: (1) the name of the Mastercard or Recorded Future employee you have a close personal relationship with, and (2) the nature of that relationship.

Examples of close personal relationships include relatives (parent, grandparent, child, sibling, spouse, significant other, domestic partner, common law spouse, aunt/uncle, niece/nephew, cousin, in-law, and step/half relative); current or previous romantic or dating partners (no matter how casual); and any other relationship that is likely to or creates an actual or perceived conflict of interest or appearance of favoritism (for example, roommates and close friends). Close personal relationships would generally not include any former co-workers or managers with whom you do not regularly socialize outside of work.

Are you currently engaged in any outside employment or activity that you would like to continue if you are hired by Recorded Future?

If No, enter "N/A." If Yes, please provide: (1) the name of the entity for which you will be performing the outside activity and the entity’s website, if available; (2) a description of what the entity does and the industry in which it operates; (3) a description of your role at the entity; and (4) the number of hours you will devote to the activity each month.

Examples of outside employment/activities include paid employment or other lawful money-making (cash or cash equivalent) activity that will not be part of your official role at Recorded Future; service on the board of directors or an advisory board of any entity (including non-profit), even if the position is unpaid; and service (paid or unpaid) in any national, state, provincial, regional, or local government, including any government department, ministry, agency, authority, commission, legislature, council, other public body (such as the World Bank or other public international organization), or state-owned enterprise.

In your current role, do you engage with Mastercard or Recorded Future employees to negotiate, influence and/or sign commercial contracts or government contracts?

If No, enter "N/A". If Yes, please describe the contract(s), the nature of your involvement, and list the name(s) of the involved Mastercard or Recorded Future employee(s).

Are you related to anyone who has the authority to influence and/or sign commercial contracts or government contracts with Mastercard or Recorded Future?

If No, enter "N/A". If Yes, please state the name of the individual, his/her employer and the nature of your relationship to this individual. If you answered "No", enter N/A

Are you or were you recently (in the last six months) an employee of a government office or agency that has oversight over Mastercard or Recorded Future?

If Yes, please describe. If No, enter "N/A"

Are you related to anyone who is an employee of a government office or agency that has oversight over Mastercard or Recorded Future?

If yes, state the name of the individual, his/her employer and the nature of your relationship to this individual. If No, enter "N/A"

Voluntary Request to Self Identify (EMEA)

Recorded Future values and understands the benefits of a diverse workforce and, as such, are committed to hiring the best talent from a wide range of diverse backgrounds and characteristics.

To provide us the insight necessary to understand the diversity make-up of the talent we are attracting, we offer our applicants the option to voluntarily complete a short, confidential and anonymous survey.

Should you volunteer to provide your details, the information will not be held or associated with your job application and are only used for internal analysis purposes. Please only provide details where you are comfortable to do so and are in line with local law in your jurisdiction. Your decision to participate is not known and has no correlation to your job application in any way.

Thank you in advance for your support in our commitment to continuously strive towards a diverse workforce.

Please identify your gender

Select...

Please identify your ethnicity

Select...

Principal Cybersecurity Researcher (Reverse Engineering)

Apply for this job

Voluntary Request to Self Identify (EMEA)