Cloud Security Researcher

Accelerate Your Career in Cybersecurity

As a leader in Automated Security Validation, we help businesses around the world safely emulate real-world attacks to uncover their vulnerabilities. At Pentera, you will be at the forefront of cybersecurity innovation, working on advanced tools that challenge organizations' defenses and push the limits of security testing.

With over 400 team members and 1,100+ customers in more than 50 countries, Pentera is a growing company supported by top investors like Insight Partners, K1, and The Blackstone Group.

If you are looking to grow your skills, make a difference, and be part of an innovative team, Pentera is the place for you.

About the Role:

As a Cloud Security Researcher, you will explore and exploit cloud-native attack surfaces, uncovering new vulnerabilities and researching misconfigurations across AWS, Azure, GCP, and container ecosystems. You’ll work on offensive cloud security projects that blend creativity, technical depth, and innovation, contributing to cutting-edge tools and methodologies.

Roles and Responsibilities:

• Research and develop novel attack techniques targeting cloud environments and infrastructure.
• Analyze and exploit vulnerabilities across multi-cloud platforms (AWS, Azure, GCP).
• Identify and document security flaws in cloud configurations, networking, and identity systems.
• Perform hands-on testing in containerized and Kubernetes-based systems.
• Collaborate with engineering and product teams to translate research into security features and best practices.
• Develop PoCs, tools, and scripts to automate vulnerability discovery.
• Contribute to the wider security research community through responsible disclosure and technical publications.
• Stay ahead of emerging cloud threats, security trends, and adversarial TTPs (MITRE ATT&CK, OWASP Cloud-Native Top 10).

Requirements:

• In-depth understanding of cloud services (AWS, Azure, GCP) and their security models.
• Practical experience in attacking or defending cloud environments.
• Experience with Kubernetes, containerized workloads, and CI/CD environments.
• Strong scripting/programming skills (Python, Go, or similar).
• Analytical mindset and hands-on experience in identifying and exploiting real-world vulnerabilities.

Preferred Skills:

• Research background in cloud or infrastructure security.
• Knowledge of IaC (Terraform, CloudFormation) and its security implications.
• Familiarity with cloud-native security tooling and monitoring systems.
• Contributions to open-source security projects or research publications.

We are an equal opportunity employer and we are committed to building a diverse and talented workforce. We do not discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome candidates from all backgrounds to join us!