National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Principal Cybersecurity Researcher (Reverse Engineering)

Recorded Future
Greater London
2 weeks ago
Create job alert

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

Reversing Emulation and Testing (RET) is a core function of Insikt Group’s Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical capabilities within Insikt Group.

You will guide and shape technical research into state-sponsored and cybercriminal malware, collaborating across functional intelligence teams to support finished intelligence reporting and platform enrichment. Your responsibilities will include not only conducting advanced malware reverse engineering and infrastructure emulation but also designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling.


This position entails representing Insikt Group’s technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts.


Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group’s intelligence production.


As a principal researcher, you will be expected to operate autonomously across a broad spectrum of malware and threat actor behaviors with little to no subject-matter gaps, providing leadership across both technical execution and strategic vision. Demonstrated experience in designing, executing, and publishing original threat research is required.


What You’ll Do: 

Collaborate with highly skilled analysts with expertise across many cybersecurity and threat intelligence groups


Reverse engineer malware, including APT tools and Crimeware
Drive technical research direction and develop tooling to advance malware analysis workflows.
Represent technical expertise in customer briefings, industry presentations, and internal advisory discussions.
Operate autonomously across all aspects of malware analysis and reverse engineering, mentor senior analysts, and drive the development of new research capabilities without subject-matter limitations.
Track and analyze the development of red team tooling
Develop network and host-based detection rules (YARA, Snort, and Sigma) to detect APT and cybercriminal campaigns in line with Insikt’s research goals
Develop analysis and extraction tooling for malicious artifacts 
Develop emulation capabilities to track malicious campaigns and networks
Develop tools and methods to identify commodity and custom malware using retro hunting and advanced detection techniques
Support other threat intelligence analysts by analyzing malware from advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting
Publish research on novel threats
Stay on top of developments within the malware and malware analysis landscape, tracking key developments by following publications, blogs, and mailing lists
Scope, author, review, and deliver finished intelligence reports that address customers’ priority intelligence requirements (PIRs) across various cyber threat activity topics

What You’ll Bring (Required):

Experience with static and dynamic malware analysis of Windows binaries using tools such as IDA Pro, Ghidra, Binary Ninja, Windbg, x64dbg, dnSpy, and Wireshark


Experience writing network and endpoint signature detections using YARA, Sigma, and Snort rules
Experience scripting in Python, Go, PowerShell, or Bash
Knowledge of Windows operating system internals and the Windows API
Knowledge of TCP/IP and other networking protocols
Ability to convey complex technical and non-technical concepts in verbal products and excellent writing skills
Proficiency in conducting threat hunting, malware analysis, and reverse engineering for Windows, macOS, or Linux

Highly Desirable Skills/Experience (not required):

BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field


7+ years of experience in static and dynamic malware analysis
7+ years of experience in network analysis tools
Programming experience in C, C++, or Java
Experience with mobile malware analysis
Experience with multiple architectures (x86, ARM, MIPS, etc)
Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques, or cryptography
Experience managing small projects and processes
Experience working and communicating directly with customers

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Related Jobs

View all jobs

Principal Engineer- Cybersecurity Analytics

Principal Cyber Security Consultant

Software Development Manager

Principal Cyber Security Consultant

Principal Cyber Security Consultant

Principal Cyber Security Engineer

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.