Most of them work in the security industry and do:

* malware analysis (how does this malware work, how can it be detected, can we somehow decrypt data affected by this ransomware, are there any leads to who wrote this malware, etc)

* vulnerability research (finding and exploiting vulnerabilities in closed source software)

* assessment of closed source software (how secure is it, how does it work, does it have undocumented apis and how can those be used, etc.)

there is likely also a small market for analysis of competitor software, but I haven't seen this openly advertised yet.

> assessment of closed source software

I saw a company making addons for Microsoft Office, peculiar example of reverse engineering job not in security field https://www.think-cell.com/en/career/jobs/reverse.html

Microsoft once had to release a binary patch for Office to fix a security vulnerability in an addon where the source code was lost: https://hackertimes.com/item?id=15720923

There's also a pretty active academic scene for reverse engineering. The big thing right now (at least in the subfield I'm familiar with) is symbolic execution, where you generate a expression that shows the value of a variable at some point in time.

Selling private online game cheats.

Not the traditional route, but some of the best reverse-engineers I met were bypassing anti-cheats for a living.

Pentesting? Cyber security, stuff like that. Maybe anti piracy for games etc.

Not a RE but it seems to match doesn't it?

A friend of mine at uni, who was a hobby cracker, went to work for Eset, the antivirus company.