Team Lead - Reverse Engineering

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses and citizens and to support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

ABOUT THE ROLE

We are looking for a Team Lead - Reverse Engineering to lead a small but high-impact squad of reverse engineers focused on supporting customer-driven investigations, DFIR engagements with malware reversing expertise, and threat intelligence production.

The role is responsible for managing and mentoring a squad of reverse engineers, ensuring high-quality technical analysis, and enabling the team to deliver actionable intelligence and reversing support across customer RFIs, incident response cases, malware investigations, and Middle East threat landscape research.

This position combines deep technical reverse engineering expertise, team leadership, and research-driven threat intelligence contribution.

YOUR MISSION

1. Squad Leadership and Technical Management

Lead and mentor a squad of reverse engineers, ensuring clear priorities, quality output, and continuous technical growth.

Responsibilities include:

  • Assigning and prioritizing reverse engineering tasks based on customer RFIs, DFIR needs, and threat intelligence requirements.
  • Reviewing technical analysis, reports, YARA rules, configuration extractors, and malware capability assessments.
  • Defining analysis depth based on case priority, from basic triage to deep code-level reversing.
  • Ensuring the squad maintains strong documentation, reusable knowledge, and consistent analytical standards.
  • Coaching team members on advanced reversing techniques, tooling, automation, and research methodology.

2. Threat Intelligence Generation

Contribute to threat intelligence production focused on the Middle East threat landscape, including cybercriminal, hacktivist, and APT activity.

The role should help transform reverse engineering findings into intelligence outcomes such as:

  • Malware profiles.
  • Threat actor capability assessments.
  • Campaign or cluster analysis.
  • Technical blogs, spot reports, and internal intelligence notes.
  • Detection logic and hunting leads.
  • Comparisons between new samples and known regional threat activity.

A key expectation is to connect technical malware findings with broader intelligence context, including victimology, targeting, infrastructure, tactics, and regional relevance.

3. R&D and Capability Development

Drive improvements in software reverse engineering workflows through tooling, automation, and process development.

Areas of contribution may include:

  • Automated malware triage pipelines.
  • Configuration extractors.
  • Similarity analysis workflows.
  • YARA generation and validation pipelines.
  • Sandbox integration.
  • IDA/Ghidra/Binary Ninja scripting.
  • Internal knowledge bases and malware profile enrichment.
  • AI-assisted reverse engineering experiments.
  • Repeatable workflows for L1/L2/L3 malware analysis.

The ideal candidate should be able to identify bottlenecks in the reversing process and propose practical automation or tooling improvements.

WHAT WE ARE LOOKING FOR

The candidate should have strong hands-on experience in:

  • Malware reverse engineering on Windows and Linux.
  • Static and dynamic analysis.
  • x86/x64 assembly and common compiler patterns.
  • Debugging, unpacking, deobfuscation, and anti-analysis bypass.
  • Malware families such as loaders, stealers, RATs, ransomware, backdoors, droppers, and webshells.
  • IDA Pro, Ghidra, Binary Ninja, x64dbg, WinDbg, GDB, or similar tools.
  • Scripting with Python for automation and analysis.
  • YARA rule writing and validation.
  • Malware configuration extraction.
  • Behavioral analysis and capability mapping.
  • Understanding of MITRE ATT&CK and threat intelligence concepts.

This is not only a senior reverse engineering role. It is a technical leadership role.

The candidate should be able to:

  • Lead by technical example.
  • Review and improve team output.
  • Translate complex reversing findings into clear intelligence value.
  • Help junior and mid-level reverse engineers grow.
  • Coordinate with DFIR, threat intelligence, detection engineering, and customer-facing teams.
  • Balance deep technical research with customer delivery timelines.
  • Build repeatable processes rather than solving every case manually.
  • Maintain quality under pressure during urgent investigations.

WHAT SETS YOU APART

  • Excellent technical reporting and documentation skills.
  • Ability to convert complex technical findings into actionable business intelligence.

WHY CHOOSE GROUP-IB

Group-IB is a global leader in cybersecurity technologies that investigate, predict, prevent, and fight digital crime. We help organizations reduce risk and protect trust. Trusted by governments, major industries, and law enforcement, we deliver adversary-focused, predictive threat intelligence and cyber fraud fusion solutions that detect, analyse, and mitigate regional and country-specific digital crimes.

  • Work with real stakes. Group-IB investigates active cybercriminal groups, responds to breaches affecting critical infrastructure, and develops technologies used by law enforcement agencies including INTERPOL, Europol, and Afripol across 60+ countries. We've conducted 1,550+ cybercrime investigations alongside 600+ enterprise customers globally. When you join Group-IB, your work directly disrupts digital crime.
  • Grow your way. Choose your own path: deepen your craft as a technical expert, step into leadership, move across to another team, or relocate to one of our Digital Crime Resistance Centers across the Americas, Europe, the Middle East & Africa, Central Asia, and the Asia-Pacific. Your growth is our growth — Group-IB's expansion across 60+ active country operations means real career acceleration.
  • We fund professional certifications at company expense — whether you're pursuing CEH, CISSP, OSCP, or specialized certifications in forensics and penetration testing. You don't have to choose between doing the job and advancing your credentials.
  • Work alongside industry leaders. Our Unified Risk Platform — Threat Intelligence, Digital Risk Protection, Attack Surface Management, Managed XDR, and more — is recognized by Gartner, Forrester, KuppingerCole, and Datos Insights. Frost & Sullivan named us a 2025 Global Technology Innovation Leader. When you work here, you're building technologies that set the industry standard.
  • Real challenges, real expertise. You'll take on complex, real-world problems alongside adversary-centric researchers and incident response experts spread across six continents. We've built 21+ years of proprietary telemetry through 1,500+ joint investigations. No two threats look alike — and neither do the skills you'll develop.
  • A team that is genuinely international. Our people come from different countries, speak different languages, and bring different perspectives. What connects us is a shared mission: fighting cybercrime and making the world safer. We care about your wellbeing and happiness as much as your output.