Security Researcher

At echo, we’re fixing a broken system. Vulnerability management isn't working – it’s reactive, noisy, and unsustainable. Instead of chasing CVEs, we’re eliminating them at the source.

Our AI-powered platform produces vulnerability-free base images that integrate cleanly into existing workflows, helping security and platform teams eliminate patching overhead without slowing down developers. Backed by top-tier investors and led by second-time founders who previously built the first software supply chain security company, which was later acquired by Aqua Security, we’ve gone from stealth to serving global enterprise customers in under six months.

We're now looking for an experienced Security Researcher to join our core team and deep dive into CVEs, conducting cutting-edge vulnerability research that directly powers Echo's revolutionary approach to eliminating container vulnerabilities at the source.

What you’ll do

• Conduct deep-dive research into CVEs and vulnerabilities, analyzing root causes and attack vectors to inform our AI-powered prevention platform
• Perform reverse engineering analysis using tools like IDA Pro, Ghidra, or similar platforms to understand complex security vulnerabilities and exploitation techniques
• Research and analyze complex low-level system mechanisms including kernel vulnerabilities, network security issues, and operating system weaknesses
• Think outside the box, challenge existing assumptions, and create innovative approaches to vulnerability research and prevention
• Work in a unique environment where your research insights are rapidly implemented into our product, creating direct real-world impact from your vulnerability research
• Contribute to Echo's technical knowledge base and help establish new methodologies for proactive vulnerability identification and mitigation

What you bring:

Required:

• 5+ years of experience in security research with focus on vulnerability analysis and exploitation
• Extensive hands-on experience with reverse engineering tools (IDA, Ghidra, Jeb, or similar)
• Proven experience working with CVEs, and the broader security research domain
• Deep knowledge of complex low-level system mechanisms (kernel, networking, services, operating systems, embedded systems)
• Excellent written and verbal communication skills with ability to present complex technical findings
• Innovative mindset with ability to think outside the box and challenge conventional approaches

Preferred:

• Record of public research contributions (CVEs discovered, technical write-ups, conference talks, or open-source security projects)
• Experience working with AI tools and methodologies in security research contexts
• Background in container security, supply chain security, or related domains

Why echo?

We're a fast-growing team composed of some of the coolest and most passionate people you'll meet, solving hard problems that really make a difference. You’ll have real ownership and a clear mission: to make cloud-native infrastructure secure by design.