Expert Cloud Threat Researcher
We are hiring a Senior Cloud Threat Intelligence Researcher to lead our cloud-native threat hunting and adversary profiling efforts. The ideal candidate has over 5 years of experience in threat intelligence, incident response, or cloud security. Key requirements include deep expertise in major cloud
About the role
We are seeking a highly skilled Cloud Threat Researcher to drive our intelligence cycle from end to end. In this position, you will dive deep into massive datasets and raw logs to proactively hunt for malicious activity, build comprehensive profiles of cyber adversaries, and translate your discoveries into actionable product features and customer advisories.
Taking ownership of specific cloud-native threat groups, you will track their evolving toolsets and attack methodologies, establishing yourself as a leading authority on their operations. You will also partner closely with our R&D and product teams from the initial ideation phase to design risk frameworks and influence our product roadmap based on the latest cloud attack trends.
Key Responsibilities
● Hunt and monitor cloud-focused threat actors using raw telemetry and diverse intelligence sources.
● Ingest and analyze threat information from blogs, reports, conference talks, and other sources.
● Devise new and innovative techniques to surface cloud actor activity and TTPs; implement them as code, queries, and monitoring signatures/scripts.
● Build and maintain actor profiles and TTP catalogs.
● Design and execute lab experiments that emulate cloud and hybrid attack techniques.
● Help define and continuously refine a product-specific cloud threat model and the telemetry needed to support it.
● Write public reports/blog posts on your findings.
5+ years of professional background in one or more of the following domains:
- Detection Engineering & Incident Response: Extensive background in cloud forensics, proactive threat hunting, and developing/refining detection rules (YARA, Sigma, SPL, KQL) alongside MITRE ATT&CK mapping.
- Cyber Threat Intelligence (CTI): Leveraging tools like VirusTotal, Whois, passive DNS, and broad active/passive internet scanning for threat hunting.
- Offensive Security / Red Teaming: Emulating cloud-based adversaries, conducting cloud penetration testing, and providing actionable hardening strategies.
- Dedicated Cloud Security Research or specific experience in Cloud IR.
Required Qualifications
- Deep operational familiarity and hands-on experience with leading public clouds (AWS, Azure, or GCP).
- Strong programming skills in Python or Go.
- Proven ability to manipulate and analyze data using SQL dialects or data analysis libraries (e.g., Pandas).
- Solid grasp of core network protocols (TCP/IP, DNS, HTTP, etc.).
- High degree of autonomy with a demonstrated capability to self-learn and drive research initiatives independently.
Bonus Points
- Previous experience designing or evaluating cloud architectures.
- Background working within the internal security teams of top-tier cloud service providers.
- Familiarity and hands-on experience with Cloud Detection and Response (CDR) solutions.
Frequently Asked Questions
What skills are important for a Cloud Threat Researcher?
Key skills include proficiency in cloud forensics, threat hunting, detection rule development (YARA, Sigma, SPL, KQL), cyber threat intelligence (VirusTotal, Whois), offensive security, and strong programming skills in Python or Go.
What experience is needed for a Cloud Threat Researcher?
A background in Detection Engineering & Incident Response, Cyber Threat Intelligence (CTI), Offensive Security / Red Teaming, Dedicated Cloud Security Research, or specific experience in Cloud IR is necessary. 5+ years of professional experience is ideal.
What cloud platforms should a Cloud Threat Researcher be familiar with?
Deep operational familiarity and hands-on experience with leading public clouds, particularly AWS, Azure, or GCP, is essential.
Ready to apply?
Attach your CV and we’ll review your profile. If there’s a strong match, we’ll reach out.