Principal Cloud Security Researcher

We’re looking for Principal Cloud Security Researcher with a strong security background to join our innovative Research team.

Why Mitiga?

Mitiga preemptively detects and stops attacks before damage is done.Mitiga moves your security beyond configuration-focused prevention. In today’s cloud-first, AI-driven world, attackers inevitably get in. Mitiga promptly stops them.Our platform connects Cloud, SaaS, AI, and Identity into one panoramic forensic system that gives SecOps total awareness, attack decoding, and autonomous containment. The result: attacks stop mid-flight, investigations are instant, and impact disappears.We replace the false promise of “zero breach” with a promise we can keep - Zero Impact.

When attackers get in, Mitiga ensures they get nothing.

Zero Impact Breach Mitigation.Mitiga is used by many well-known brands to reduce risk, enhance their SecOps, and improve business resilience.

The Role

We're looking for a Principal Cloud Security Researcher to serve as a senior technical leader within our Research team. This is a high-impact individual contributor role -- you won't manage people, but you'll shape the direction of our entire research function, mentor researchers, and act as a force multiplier across the organization.

You'll be the person who takes a vague threat signal and turns it into a detection strategy, a published finding, or a product capability. You'll operate as a trusted deputy to the research team lead, owning the most complex and ambiguous research challenges while raising the technical bar for the team.

What You'll Do

Drive Groundbreaking Research

• Own and drive Mitiga's most critical research initiatives end-to-end - from initial threat hypothesis through detection logic, product integration, and external publication.
• Set the technical direction for cloud threat research across AWS, Azure, and GCP, identifying emerging attack surfaces and novel techniques before they become mainstream threats.
• Investigate real-world cloud and SaaS security incidents, dissecting attacker tradecraft and extracting insights that evolve our detection capabilities.
• Pioneer new forensic investigation techniques and detection methodologies for cloud-native and SaaS environments - pushing the state of the art, not just following it.

Be a Voice in the Community

• Represent Mitiga as a thought leader through high-quality research publications, conference presentations (BlackHat, DEF CON, RSA, fwd:cloudsec, and similar venues), and open-source contributions.
• Build and maintain Mitiga's reputation as a research-driven company that advances the field - not just a vendor with a blog.
• Engage with the broader security research community, fostering relationships and collaborative knowledge-sharing.

Shape the Product

• Bridge research and product - translate threat findings into actionable product requirements, working closely with engineering and product teams to ensure our CDR platform stays ahead of evolving threats.
• Design and develop advanced detection algorithms that directly feed into Mitiga's platform, closing the gap between research insight and customer protection.

Elevate the Team

• Act as the team's go-to technical authority. When researchers hit a wall on complex cloud attack chains, IAM edge cases, or detection gaps - you're who they turn to.
• Mentor and grow other researchers through research reviews, pair investigations, code reviews, and by setting quality standards and methodology best practices.
• Influence technical decisions org-wide - contributing to architecture, tooling, and strategic research priorities.
• Step in as the research team lead's deputy when needed - driving prioritization, representing research cross-functionally, and ensuring continuity.

Who You Are

• 8+ years in security research, threat research, or closely related fields (offensive security, detection engineering, incident response, cloud security engineering). Fewer years are fine if your depth and track record are exceptional.
• Deep multi-cloud expertise - strong hands-on experience across at least two of the major cloud providers (AWS, Azure, GCP), with working knowledge of the third. You understand the IAM models, logging pipelines, APIs, and attack surfaces that matter in each.
• A track record of original research - you've published meaningful technical findings through blog posts, conference talks, open-source tools, or vulnerability discoveries that moved the needle. We want someone who doesn't just consume research - you produce it.
• Strong adversarial mindset and critical thinking - you think like an attacker targeting cloud infrastructure, SaaS platforms, identity systems, and Kubernetes. You can model threat scenarios, map out attack paths, and poke holes in defenses.
• Ability to operate autonomously on ambiguous, high-stakes problems. You don't wait for detailed specs - you identify what matters and drive it forward.

It Would Be Nice If You Also Had

• Experience with cloud forensics and incident response (DFIR in cloud/SaaS environments).
• Background in red teaming or penetration testing targeting cloud environments.
• Familiarity with Kubernetes security, container escape techniques, and cloud-native supply chain risks.
• Experience building or contributing to threat intelligence frameworks or detection content libraries.

• Location: Tel Aviv, IL
• Hybrid work Environment
• Competitive compensation package with stock options, educational fund, cibus.
• Cell phone and cell phone charges covered
• Top of the line equipment