Cloud Security Researcher and Engineer

We are seeking a highly skilled Senior Cloud Security Researcher to drive the defensive research roadmap for our cloud infrastructure and managed services. This role is pivotal in securing mission-critical cloud environments against sophisticated attacks. The researcher will be responsible for analyzing complex cloud architectures (AWS/GCP) to identify structural weaknesses.

Core Responsibility: Full technical and hands-on execution of deep-dive research into cloud internals and potential attack vectors. The primary objective is to translate offensive findings (such as tenant isolation gaps or runtime escapes) into comprehensive defensive blueprints, security controls, and resilient architectural patterns.

Description (What you’ll do):

• Deep Cloud Defense & Architecture: Extensive, practical experience in securing complex cloud environments. Must possess deep knowledge of cloud (IAM, Metadata Services, Networking) and how to harden them against abuse. Experience in designing "secure-by-default" architectures for managed services.
• Vulnerability Research & Root Cause Analysis: Proven capability in auditing systems and uncovering critical vulnerabilities in cloud components or runtimes. Must be able to perform Root Cause Analysis on theoretical or discovered exploits (like Sandbox Escapes) to engineer effective mitigations at the infrastructure level.
• Threat Modeling & Detection Engineering: Ability to think like an attacker to build better defenses. (Good to have) Experience creating high-fidelity detection rules and monitoring strategies for subtle indicators of compromise (IoC) within cloud control planes.
  
  

• 4+ years performing cybersecurity research and/or red teaming in cloud environments.
• Experience developing in Python. Bonus: experience with AI (Research / Development / ML-Ops).
• Experience in 0-day research of large systems (with or without sources).
• Solid understanding of cloud defense methodology and techniques.
• A quick learner, ready to work in an agile, fast-paced, multi-task environment.
• A team player with strong communication skills.
• Familiarity with cryptography and cryptographic algorithms will be a major plus.
• High level of written and spoken English.
• Advantage: experience leading or managing technical R&D teams.
• Possesses an uncompromising focus on the accuracy of security controls and risk assessments. Must ensure that proposed mitigations are practical, effective, and do not disrupt operational stability.
• Demonstrates a capacity for complex problem-solving. Doesn't just patch problems as they arise but looks for systemic architectural improvements to eliminate entire classes of vulnerabilities.
• A natural technical leader who prioritizes training, mentoring, and promoting the technical capabilities of team members. Must be dedicated to building a "Defensive Mindset" within the team, teaching others how to anticipate and block complex attack chains - nice to have.