Security Researcher - Red Team

About Cyera

Cyera is on a mission to protect one of the world's most valuable resources: data. Our AI-native platform gives organizations a complete view of where their data lives, how it’s used, and how to keep it safe, so they can reduce risk and unlock the full value of their data, wherever it is.

Since our founding in 2021, we’ve grown fast—Cyera-fast—securing over $1.3 billion in funding from the biggest pockets on the planet and establishing a global team. Today, Cyera is the fastest growing data security company on the planet, trusted by the Fortune 500 and beyond.

About the Team

The Security Team at Cyera plays a critical role in protecting the infrastructure, products, and data our customers rely on. As a cross-functional group of experts in offensive and defensive security, we ensure that our platform is resilient, secure by design, and ahead of emerging threats. Our red teamers challenge assumptions, expose weaknesses, and help us build stronger defenses. If you're passionate about pushing the limits of modern cloud security and simulating real-world adversaries, this team is where you can have an outsized impact.

About the Role

We’re looking for a skilled and mission-driven Security Researcher – Red Team to lead offensive security initiatives and simulate real-world cyber threats across Cyera’s platform. You’ll work closely with engineering, product, and security teams to uncover vulnerabilities, test detection and response capabilities, and ensure Cyera’s cloud-native applications are hardened against advanced persistent threats.

In this role, you’ll plan and execute red team exercises, perform application and infrastructure penetration tests, and help shape secure-by-design practices across the company.

What You’ll Do

• Design and execute advanced red team exercises, simulating APT-style attacks across cloud-native applications, APIs, and services.
• Perform deep vulnerability analysis and logic assessments across multi-cloud environments.
• Identify cloud-specific misconfigurations and lateral movement vectors in AWS, GCP, and Azure.
• Develop and refine custom tools, scripts, and payloads using Python, TypeScript, and other languages.
• Leverage frameworks and tools such as Metasploit, Cobalt Strike, Mimikatz, Burp Suite, and BloodHound.
• Maintain a Persistent Penetration Testing Network (PPTN) for continuous evaluation.
• Conduct social engineering campaigns (phishing, pretexting) to assess user susceptibility.
• Collaborate with Engineering and DevSecOps to support secure product design and architecture.
• Provide clear, actionable reporting for both technical and executive audiences.
• Partner with SOC and detection teams to validate and improve detections and response coverage.
• Participate in security reviews, threat modeling, and design consultations.
• Mentor teammates on offensive techniques, cloud attack surface, and tool development.

Who You Are

Must-Haves

• You have 5+ years of experience in offensive security, red teaming, or application penetration testing.
• You’re proficient in testing cloud-native systems, web applications, and APIs.
• You understand the OWASP Top 10, business logic flaws, and secure application design.
• You have strong scripting or development skills in Python, Bash, or JavaScript.
• You bring deep knowledge of cloud environments (AWS, GCP, Azure) and their security controls.
• You’re familiar with attack chains, lateral movement, IAM misconfigurations, and post-exploitation tactics.
• You’ve used tools like Burp Suite, Metasploit, BloodHound, or custom red team tooling.
• You can translate complex findings into clear, actionable documentation and recommendations.

Nice-to-Haves

• Certifications like OSCP, OSCE, OSEP, or cloud security credentials (e.g., AWS Security Specialty).
• Experience in mobile app security testing (iOS/Android).
• Exposure to DevSecOps practices or CI/CD integration.
• Background in consulting or client-facing security roles.

Why Join Us?

At Cyera, we care about collaboration, innovation, and agility. you can bet we take “teamwork” seriously—with our inclusive and supportive culture at the forefront—and we’re just as serious about nurturing Cyerans to grow, both personally and professionally.

Feel free to apply even if your experience doesn’t tick every box.

We’re building something special here—and we welcome Cyerans with diverse backgrounds, perspectives, and experiences.