Senior Security Researcher

Big Ideas. Real People.

At Orca, in the right environment and with the right team, talent has no boundaries. This team spirit, together with our drive to always aim high, has quickly earned us unicorn status and turned us into a global cloud security innovation leader. So if you’re ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.

We’re looking for driven and talented people like you to join our CTO office and our mission to change the future of cloud security. Ready to dive in and swim with our pod?

Highlights

• High-growth: Over the past seven years, we’ve consistently achieved milestones that take other companies a decade or more. During this time, we’ve significantly grown our employee base, expanded our customer reach, and rapidly advanced our product capabilities.
• Disruptive innovation: Our founders saw that traditional security didn’t work for the cloud—so they set out to carve a new path. We’re relentless pioneers who invented agentless technology and continue to be the most comprehensive and innovative cloud security company.
• Well-capitalized: With a valuation of $1.8 billion, Orca is a cybersecurity unicorn dominating the cloud security space. We’re backed by an impressive team of investors such as Capital G, ICONIQ, GGV, and SVCI, a syndicate of CISOs who invest their own money after conducting their due diligence.
• Respectful and transparent culture: Our executives pride themselves on being accessible to everyone and believe in sharing knowledge with the employees. Each employee has a place in shaping the future of our industry.

About the role

We’re looking for a Senior Security Researcher to drive high-impact research across cloud, runtime, and application environments, and translate it into product-grade detections. This is a hands-on role for someone who can lead investigations end-to-end: from understanding attacker tradecraft and vulnerabilities, through building reliable detection logic, to influencing product direction.

On a typical day you’ll

• Lead deep-dive research into real-world attacks, vulnerabilities, and emerging cloud and runtime techniques
• Own complex investigations (DFIR, threat hunting, root-cause analysis) and convert learnings into durable detections
• Design and implement advanced detection logic and analytics across cloud assets, containers, Kubernetes, and Linux runtime telemetry
• Build prototypes and production-ready components that improve detection accuracy, fidelity, and coverage
• Partner closely with engineering and product to shape roadmap priorities and guide implementation details
• Develop research methodologies, testing frameworks, and validation processes for new detections
• Mentor and level up other researchers and engineers through reviews, knowledge sharing, and technical guidance
• Represent the team externally through publications, technical blogs, and conference talks

About you

• 7+ years of experience in security research, detection engineering, incident response, or comparable hands-on security roles
• Demonstrated expertise in at least two of the following areas (and working knowledge in the others):
• Linux internals / operating systems fundamentals
• Cloud security (AWS/Azure/GCP), including common attack paths and misconfiguration patterns
• DFIR, threat hunting, and investigation workflows using telemetry and logs
• Vulnerability research or vulnerability management at scale (triage, prioritization, exploitation understanding)
• Application and API security fundamentals
• Strong programming skills in Python (Go is a strong plus); ability to produce maintainable research code and production logic
• Strong data skills: comfortable working with large telemetry datasets (SQL and log analytics platforms such as Elastic or similar)
• Ability to reason about attacker behavior, build threat models, and validate detections with repeatable testing
• Excellent written and verbal English communication, including the ability to explain nuanced technical tradeoffs to non-research audiences
• Track record of driving cross-team execution and shipping impactful security capabilities

Nice to have

• Experience with Kubernetes and container runtime security
• eBPF or low-level telemetry approaches, syscall or kernel-level visibility
• Reverse engineering and malware analysis
• Offensive security background (web, cloud, exploit development)
• Contributions to open-source security projects or published research
• Experience using automation or AI-assisted techniques to scale research and detection workflows

Success looks like

• You consistently deliver new detections or improvements that measurably reduce false positives and increase coverage
• Your investigations produce clear, actionable insights and influence product direction
• You raise the technical bar for research quality, validation rigor, and operational maturity across the team