Principal Cybersecurity Researcher (Reverse Engineering)

Principal Cybersecurity Researcher (Reverse Engineering)Join to apply for the Principal Cybersecurity Researcher (Reverse Engineering) role at Recorded FuturePrincipal Cybersecurity Researcher (Reverse Engineering)Join to apply for the Principal Cybersecurity Researcher (Reverse Engineering) role at Recorded FutureGet AI-powered advice on this job and more exclusive features.With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!Reversing Emulation and Testing (RET) is a core function of Insikt Group’s Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical capabilities within Insikt Group.You will guide and shape technical research into state-sponsored and cybercriminal malware, collaborating across functional intelligence teams to support finished intelligence reporting and platform enrichment. Your responsibilities will include not only conducting advanced malware reverse engineering and infrastructure emulation but also designing and implementing internal tools and workflows that increase our team\’s efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling.This position entails representing Insikt Group’s technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts.Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group’s intelligence production.As a principal researcher, you will be expected to operate autonomously across a broad spectrum of malware and threat actor behaviors with little to no subject-matter gaps, providing leadership across both technical execution and strategic vision. Demonstrated experience in designing, executing, and publishing original threat research is required.What You’ll Do:Collaborate with highly skilled analysts with expertise across many cybersecurity and threat intelligence groupsReverse engineer malware, including APT tools and CrimewareDrive technical research direction and develop tooling to advance malware analysis workflows.Represent technical expertise in customer briefings, industry presentations, and internal advisory discussions.Operate autonomously across all aspects of malware analysis and reverse engineering, mentor senior analysts, and drive the development of new research capabilities without subject-matter limitations.Track and analyze the development of red team toolingDevelop network and host-based detection rules (YARA, Snort, and Sigma) to detect APT and cybercriminal campaigns in line with Insikt’s research goalsDevelop analysis and extraction tooling for malicious artifactsDevelop emulation capabilities to track malicious campaigns and networksDevelop tools and methods to identify commodity and custom malware using retro hunting and advanced detection techniquesSupport other threat intelligence analysts by analyzing malware from advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targetingPublish research on novel threatsStay on top of developments within the malware and malware analysis landscape, tracking key developments by following publications, blogs, and mailing listsScope, author, review, and deliver finished intelligence reports that address customers’ priority intelligence requirements (PIRs) across various cyber threat activity topicsWhat You’ll Bring (Required):Experience with static and dynamic malware analysis of Windows binaries using tools such as IDA Pro, Ghidra, Binary Ninja, Windbg, x64dbg, dnSpy, and WiresharkExperience writing network and endpoint signature detections using YARA, Sigma, and Snort rulesExperience scripting in Python, Go, PowerShell, or BashKnowledge of Windows operating system internals and the Windows APIKnowledge of TCP/IP and other networking protocolsAbility to convey complex technical and non-technical concepts in verbal products and excellent writing skillsProficiency in conducting threat hunting, malware analysis, and reverse engineering for Windows, macOS, or LinuxHighly Desirable Skills/Experience (not required):BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field7+ years of experience in static and dynamic malware analysis7+ years of experience in network analysis toolsProgramming experience in C, C++, or JavaExperience with mobile malware analysisExperience with multiple architectures (x86, ARM, MIPS, etc)Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques, or cryptographyExperience managing small projects and processesExperience working and communicating directly with customersWhy should you join Recorded Future?Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.Want more info?Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligenceLinkedin, Instagram & Twitter: What’s happening at Recorded FutureThe Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing fieldTimeline: History of Recorded FutureRecognition: Check out our awards and announcementsWe are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles. By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.comRecorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.Recorded Future does not administer a lie detector test as a condition of employment or continued employment. This is in compliance with the law of the Commonwealth of Massachusetts, and in alignment with our hiring practices across all jurisdictions.Notice to Agency and Search Firm Representatives:Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.Agencies must have a valid written agreement in place with Recorded Future\’s recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.Seniority levelSeniority levelMid-Senior levelEmployment typeEmployment typeFull-timeJob functionJob functionInformation TechnologyIndustriesComputer and Network Security and Software DevelopmentReferrals increase your chances of interviewing at Recorded Future by 2xGet notified about new Security Researcher jobs in London, England, United Kingdom.Security Consultant (Hybrid, UK – 1 day per week with possible to increase)London, England, United Kingdom 1 month agoLondon, England, United Kingdom 1 week agoGraduate Information Security ConsultantLondon, England, United Kingdom 1 month agoLondon, England, United Kingdom 1 day agoLondon, England, United Kingdom 1 week agoLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 3 hours agoLondon, England, United Kingdom 3 months agoLondon, England, United Kingdom 3 hours agoLondon, England, United Kingdom 2 days agoLondon, England, United Kingdom 1 day agoLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 1 month agoLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 5 days agoCyber Security Consultant – Risk Advisory / GRCInformation Security Consultant – Secure changeLondon, England, United Kingdom 2 weeks agoSecurity Consultant – AZURE, NIST, ISO27001, AssuranceLondon, England, United Kingdom 2 weeks agoPrincipal Cyber Security Consultant – HybridLondon, England, United Kingdom 4 hours agoGreater London, England, United Kingdom 3 months agoCyber Security Consultant (Assurance & Advisory)Greater London, England, United Kingdom 2 weeks agoSenior Consultant – Network Observability & Cyber SecurityCity Of London, England, United Kingdom £75,000.00-£75,000.00 1 day agoWe’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr