Cloud Security Researcher

Big Ideas. Real People.
At Orca, in the right environment and with the right team, talent has no boundaries. This team spirit, together with our drive to always aim high, has quickly earned us unicorn status and turned us into a global cloud security innovation leader. So if you’re ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.
We’re looking for driven and talented people like you to join our R&D team and our mission to change the future of cloud security. Ready to dive in and swim with our pod?

Highlights:

High-growth: Over the past six years, we’ve consistently achieved milestones that take other companies a decade or more. During this time, we’ve significantly grown our employee base, expanded our customer reach, and rapidly advanced our product capabilities.
Disruptive innovation: Our founders saw that traditional security didn’t work for the cloud—so they set out to carve a new path. We’re relentless pioneers who invented agentless technology and continue to be the most comprehensive and innovative cloud security company.
Well-capitalized: With a valuation of $1.8 billion, Orca is a cybersecurity unicorn dominating the cloud security space. We’re backed by an impressive team of investors such as Capital G, ICONIQ, GGV, and SVCI, a syndicate of CISOs who invest their own money after conducting their due diligence.
Respectful and transparent culture: Our executives pride themselves on being accessible to everyone and believe in sharing knowledge with the employees. Each employee has a place in shaping the future of our industry.

About the role:

We’re looking for a passionate Cloud Security Researcher with a focus on Application Security to join our elite Research Pod and be our point of knowledge for AppSec. In this high impact role, you’ll help shape Orca’s AppSec offerings – spanning code security, API security, and cloud asset exposure to ensure we stay ahead of emerging threats. If you’re ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.

What You’ll Do:
Track & Address Emerging Threats: Stay on top of the latest security risks and vulnerabilities in web applications, APIs, and cloud assets. Work with product and engineering teams to ensure our platform detects and mitigates these evolving threats . This includes continuously monitoring the AppSec threat landscape (CVEs, OWASP Top 10, etc.) and with our detection team – updating our product to address new risks in code and cloud environments.
Security Research & Content Development: Conduct deep research on new vulnerabilities and attack techniques in the AppSec domain. Design and implement detection logic, rules, and signatures to catch these issues: from code flaws and secret exposures to API vulnerabilities. Your research will drive new product capabilities for code security and API security modules.
Enhance Product Capabilities: Work closely with development and product managers to translate research findings into product features and improvements. You will help prioritize AppSec risks on the roadmap and guide the design of new scanning and detection capabilities that address critical vulnerabilities. This collaboration ensures our code scanning and API security offerings are always relevant and effective against real-world threats.
Innovate with Tools & AI: Continuously experiment with new technologies and approaches to improve our research and detection workflows. This could mean prototyping new security scanning tools, leveraging automation and AI-driven techniques to uncover complex vulnerabilities, or integrating open-source projects to extend our capabilities. You have the freedom to think creatively and push the boundaries of how we find and mitigate application security risks.
Thought Leadership & Knowledge Sharing: Serve as the AppSec subject-matter expert within Orca’s Research Pod. Share knowledge and best practices with internal teams, and contribute to the security community externally. You will publish research findings through technical blog posts, white-papers, and possibly present them at leading security conferences.
About you:
4+ years of research or analytical experience in cybersecurity, with a strong focus on application security
Proficient in Python; Go experience is a plus
Proficiency in SQL or similar query languages for analyzing large datasets and telemetry
Analytical “attacker mindset” with excellent problem-solving and attention to detail
Strong written and verbal communication, with experience publishing research or presenting at conferences
Excellent problem-solving skills and attention to detail
Ability to work both independently and as a team player
Open-minded approach to thinking outside of the box
Nice to Have:
Hands-on offensive security skills (web penetration testing, exploit development)
Knowledge of cloud security technologies and tools in any or all major cloud providers (AWS, Azure, GCP)
Contributions or familiarity to open-source security projects (KICS, OWASP, Semgrep)
Familiarity with containerization and Kubernetes security
AI/ML application in security research