Staff Vulnerability Researcher - Cloud Security

Who is Tenable?

Tenable® is the Exposure Management company. 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 65 percent of the Fortune 500, 45 percent of the Global 2000, and large government agencies. Come be part of our journey!

What makes Tenable such a great place to work?

Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!

Tenable Cloud Security was established through the acquisition of Ermetic, an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of CIEM. This acquisition is a significant step in Tenable’s mission to shift organizations towards proactive security, offering market-leading contextual risk visibility, prioritization, and remediation across both on-premises and cloud infrastructures.

Your Opportunity

Tenable Cloud Security is seeking a Senior Vulnerability Researcher. In this role, you will research various cloud assets, roles, relations, and configurations to uncover 0-day vulnerabilities in major cloud providers and technologies. You will lead innovation, solve complex problems, and develop strategies for both attacking and defending cloud environments.

Furthermore, you will be in charge of fostering and spreading Tenable Cloud Security’s technical expertise. You will present your novel work at conferences and author papers and blogs. You will also build open-source cloud security tools and solutions.

If you’re a curious, creative, technical person with an attacker’s mindset, strong systemic thinking, and a passion for taking things apart and understanding how they work, we encourage you to apply.

Your Role

• Investigate and analyze the multi-cloud stack to find 0-day vulnerabilities, security holes, weaknesses, and design flaws
• Follow emerging security threats, author blogs about novel research, publish content, and speak at conferences
• Conduct technical research on cloud platforms to yield new insights, theories, analyses, TTPs
• Serve as a technical leader and contributor for a research team exploring emerging cloud technologies and services
  
  

• 7+ years of experience in cybersecurity research, vulnerability research, or offensive security
• Previous work experience in finding vulnerabilities and publishing research findings
• Experience with and knowledge of high-level systems, web applications, and application security
• Experience with and knowledge of cloud environment architecture (AWS, Azure, GCP)
• Highly motivated, great self-learner, curious, responsible and independent
• Strong communication skills – written and verbal
  
  

• Previous experience in presenting your work at industry conferences
• Experience with Kubernetes and container technology
• Solid programming skills in at least one language (C, C++, Python, GO, Rust)
• B.Sc. or higher in Computer Science, Software Engineering, Mathematics, or equivalent professional background
• Experience with data/security analysis