Senior Cloud Security Researcher
Zero Networks
Tel Aviv-Yafo, Israel
Posted on Nov 10, 2025
- Security Research
- Tel Aviv, Israel
- Senior
- Full-time
Description
We’re seeking a Cloud Security Researcher to expand our product’s microsegmentation offering into cloud environments, advance our research capabilities, and lead threat modeling and detection efforts against modern cloud-based attack techniques. You’ll research and simulate real-world threats, design defenses, help adapt our technology to modern cloud architectures, and contribute to our open-source security tools and public research presence.
Responsibilities
- Lead research of cloud security threats, with emphasis on lateral movement, privilege escalation, and post-compromise techniques in AWS, Azure, and GCP.
- Analyze and model cloud infrastructure, networking, and identity systems to identify attack surfaces and opportunities for segmentation.
- Work closely with product teams to design and test approaches for extending microsegmentation into cloud and hybrid environments.
- Research and exploit misconfigurations or weaknesses in cloud-native services (e.g., IAM, metadata services, API gateways).
- Build proof-of-concept attacks and detection techniques that inform both our commercial product and our open-source projects.
- Contribute to the development and maintenance of open-source security tools, incorporating cloud-focused capabilities and threat simulations.
- Produce high-quality technical blog posts, research papers, and online content to showcase findings, strengthen our social media presence, and share insights with the broader security community.
Requirements
- 5+ years of proven experience in cloud security research, penetration testing, or red teaming, with a focus on AWS, Azure, or GCP.
- Strong understanding of cloud networking (VPCs, routing, subnets, peering, firewall rules) and cloud infrastructure (compute, storage, identity).
- Familiarity with lateral movement, privilege escalation, and post-compromise techniques in cloud and hybrid environments.
- Experience with at least one modern programming or scripting language (Python, Go, etc.) for building tools and automations.
- Advantage: Experience contributing to or maintaining open-source security tools.
- Advantage: Big data and data analysis skills (e.g., Elasticsearch, pandas, data pipelines) for processing and analyzing large security datasets.
- Advantage: Knowledge of detection engineering, telemetry analysis, and log-based threat hunting in cloud environments.
- Advantage: Prior experience speaking at conferences, webinars, or producing video-based technical content.