Principal Cybersecurity Researcher (Reverse Engineering)

Recorded Future
Greater London
5 days ago

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,900 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

Reversing Emulation and Testing (RET) is a core function of Insikt Group’s Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical capabilities within Insikt Group.

You will guide and shape technical research into state-sponsored and cybercriminal malware, collaborating across functional intelligence teams to support finished intelligence reporting and platform enrichment. Your responsibilities will include not only conducting advanced malware reverse engineering and infrastructure emulation but also designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling.


This position entails representing Insikt Group’s technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts.


Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group’s intelligence production.


As a principal researcher, you will be expected to operate autonomously across a broad spectrum of malware and threat actor behaviors with little to no subject-matter gaps, providing leadership across both technical execution and strategic vision. Demonstrated experience in designing, executing, and publishing original threat research is required.


What You’ll Do: 

Collaborate with highly skilled analysts with expertise across many cybersecurity and threat intelligence groups
Reverse engineer malware, including APT tools and crimeware
Drive technical research direction and develop tooling to advance malware analysis workflows.
Represent technical expertise in customer briefings, industry presentations, and internal advisory discussions.
Operate autonomously across all aspects of malware analysis and reverse engineering, mentor senior analysts, and drive the development of new research capabilities without subject-matter limitations.
Track and analyze the development of red team tooling
Develop network and host-based detection rules (YARA, Snort, and Sigma) to detect APT and cybercriminal campaigns in line with Insikt’s research goals
Develop analysis and extraction tooling for malicious artifacts 
Develop emulation capabilities to track malicious campaigns and networks
Develop tools and methods to identify commodity and custom malware using retro hunting and advanced detection techniques
Support other threat intelligence analysts by analyzing malware from advanced threat actors to develop leads and insights into actor infrastructure, tooling, and targeting
Publish research on novel threats
Stay on top of developments within the malware and malware analysis landscape, tracking key developments by following publications, blogs, and mailing lists
Scope, author, review, and deliver finished intelligence reports that address customers’ priority intelligence requirements (PIRs) across various cyber threat activity topics

What You’ll Bring (Required):

Experience with static and dynamic malware analysis of Windows binaries using tools such as IDA Pro, Ghidra, Binary Ninja, WinDbg, x64dbg, dnSpy, and Wireshark
Experience writing network and endpoint signature detections using YARA, Sigma, and Snort rules
Experience scripting in Python, Go, PowerShell, or Bash
Knowledge of Windows operating system internals and the Windows API
Knowledge of TCP/IP and other networking protocols
Ability to convey complex technical and non-technical concepts verbally, and excellent writing skills
Proficiency in conducting threat hunting, malware analysis, and reverse engineering for Windows, macOS, or Linux

Highly Desirable Skills/Experience (not required):

BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field
7+ years of experience in static and dynamic malware analysis
7+ years of experience in network analysis tools
Programming experience in C, C++, or Java
Experience with mobile malware analysis
Experience with multiple architectures (x86, ARM, MIPS, etc.)
Experience in the deobfuscation of malware, analysis of packers, malware decryption techniques, or cryptography
Experience managing small projects and processes
Experience working and communicating directly with customers

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”) represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.
