Principal Cybersecurity Researcher (Reverse Engineering)
With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!
Reversing Emulation and Testing (RET) is a core function of Insikt Group’s Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical capabilities within Insikt Group.
You will guide and shape technical research into state-sponsored and cybercriminal malware, collaborating across functional intelligence teams to support finished intelligence reporting and platform enrichment. Your responsibilities will include not only conducting advanced malware reverse engineering and infrastructure emulation but also designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling.
This position entails representing Insikt Group’s technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts.
Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group’s intelligence production.
As a principal researcher, you will be expected to operate autonomously across a broad spectrum of malware and threat actor behaviors with little to no subject-matter gaps, providing leadership across both technical execution and strategic vision. Demonstrated experience in designing, executing, and publishing original threat research is required.
What You’ll Do:
- Collaborate with highly skilled analysts with expertise across many cybersecurity and threat intelligence groups
- Reverse engineer malware, including APT tools and Crimeware
- Drive technical research direction and develop tooling to advance malware analysis workflows.
- Represent technical expertise in customer briefings, industry presentations, and internal advisory discussions.
- Operate autonomously across all aspects of malware analysis and reverse engineering, mentor senior analysts, and drive the development of new research capabilities without subject-matter limitations.
- Track and analyze the development of red team tooling
- Develop network and host-based detection rules (YARA, Snort, and Sigma) to detect APT and cybercriminal campaigns in line with Insikt’s research goals
- Develop analysis and extraction tooling for malicious artifacts
- Develop emulation capabilities to track malicious campaigns and networks
- Develop tools and methods to identify commodity and custom malware using retro hunting and advanced detection techniques
- Support other threat intelligence analysts by analyzing malware from advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting
- Publish research on novel threats
- Stay on top of developments within the malware and malware analysis landscape, tracking key developments by following publications, blogs, and mailing lists
- Scope, author, review, and deliver finished intelligence reports that address customers’ priority intelligence requirements (PIRs) across various cyber threat activity topics
What You’ll Bring (Required):
- Experience with static and dynamic malware analysis of Windows binaries using tools such as IDA Pro, Ghidra, Binary Ninja, Windbg, x64dbg, dnSpy, and Wireshark
- Experience writing network and endpoint signature detections using YARA, Sigma, and Snort rules
- Experience scripting in Python, Go, PowerShell, or Bash
- Knowledge of Windows operating system internals and the Windows API
- Knowledge of TCP/IP and other networking protocols
- Ability to convey complex technical and non-technical concepts in verbal products and excellent writing skills
- Proficiency in conducting threat hunting, malware analysis, and reverse engineering for Windows, macOS, or Linux
Highly Desirable Skills/Experience (not required):
- BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field
- 7+ years of experience in static and dynamic malware analysis
- 7+ years of experience in network analysis tools
- Programming experience in C, C++, or Java
- Experience with mobile malware analysis
- Experience with multiple architectures (x86, ARM, MIPS, etc)
- Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques, or cryptography
- Experience managing small projects and processes
- Experience working and communicating directly with customers
Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.
Want more info?
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Linkedin, Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements
We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.
If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com
Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.
Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.
Recorded Future does not administer a lie detector test as a condition of employment or continued employment. This is in compliance with the law of the Commonwealth of Massachusetts, and in alignment with our hiring practices across all jurisdictions.
Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.
Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.
Apply for this job
*
indicates a required field