RoleCybersecurity

Reverse Engineer

Static + dynamic analysis of unknown binaries. IDA/Ghidra, sandboxes, hours of patience.

The verdict

Narrow specialism, real demand inside a small market. Pick it if the craft pulls you, not because it sounds prestigious.

Pick this if

You've already done meaningful reversing in your own time
You can read assembly and decompiled output without flinching
You enjoy long investigations with no daily wins
You're targeting research, malware analysis or exploit development with this work

Skip this if

You've never reversed anything outside coursework
You want fast iteration and external feedback
You expect a clear ladder, the seats that exist tend to be flat

What "doing well" looks like in the seat

Your write-ups get cited by other researchers
Your output unlocks work for malware or vuln research teams
You contribute to the tooling other reversers use
You can teach the basics clearly to a junior analyst

The bit you're probably underestimating

Most full-time UK reverse engineering seats are in government, the NCA, GCHQ-adjacent work, security vendors, and a few financial services teams. Outside those, the role is a subset of malware analysis or vuln research. Plan for that reality and build the adjacencies, because pure reverse engineering as a career identity has a narrow ladder and a shallow market.

Tradeoffs at a glance

Hover any chip for the calibrated meaning. Ratings are directional, not absolute.

Promotion ceiling

Senior reverse engineer / malware researcher; narrow, prestigious market.

Who actually gets in

+Embedded / low-level developer
+Senior IR
+CTF players

Common misconceptions

−That reverse engineering scales to large teams, it's a small-team craft.

Where this leads

Malware Analyst
Vuln Researcher
Exploit Developer

Certifications people pair with this

GIAC GREM

Listed because the graph connects them to this role, not because you need all of them. Most practitioners pick one or two.

Pathways that pass through here

DFIR & Threat Intelligence
When the alert is real. Forensics, IR, malware analysis, threat intel. SANS/GIAC biased.

The serious next step

You've read about the role. The harder question is whether it's the right one for you.

A Career Verdict is the written, practitioner-authored call on your specific route into and out of this role. Six primitives, same format every time.

Plateau zone

The flat year nobody warns you about, named and timed.

Reality vs Fantasy

Your actual five-year curve against the one you've been sold.

What to sit and what to skip

Each cert on your list: useful, optional, or skip, with reasons.

The call

A single written judgment on whether your plan holds up.

Tradeoff spectrum

What you're giving up for what you're choosing, plotted.

Decisive factors

The two or three things that will actually make or break this.

See what a Career Verdict looks like £25 · one verdict, yours to keep

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.

All roles