Director of Security Research

XM Cyber is a global leader in hybrid cloud security.

XM Cyber brings a new approach that uses the attacker’s perspective to find and remediate critical attack paths across on-premises and multi-cloud networks. The XM Cyber platform enables companies to rapidly prioritize and respond to cyber risks affecting their business-sensitive systems.

XM Cyber is looking for a Director of Security Research to lead the research group.

Lead a group of experts responsible at identifying attack methodologies and develop strategies to defend against them.

You will be responsible for creating security detections from the research phase, through the development phase, and finalizing with the release to customers followed by an on-going accuracy monitoring for optimization and improvements.

You will report to the SVP of Product and Research and oversee the following responsibilities.At XM Cyber, you’ll be faced with complex security challenges and hands-on opportunities, simulating real-world targeted attacks, through the perspective of an advanced threat actor. Our main goal is to help our customers protect their environments through comprehensive simulation and real time detections. You are expected to quickly grasp new information and investigate new attack vectors. You will be expected to lead security researchers and deep dive into new security tactics, techniques and procedures (TTPs) and properly assess their value to the product.

Your Day To Day Will Be:

Leading research roadmap, innovation, defining KPIs and research methodology
Mentor and improve team members
Research and analyze n-day vulnerabilities
Research attack vectors on different operating systems
Research IaaS and SaaS attack vectors on multiple cloud providers
Define real time detection within cloud workload and control plane
Collaborate with the development and product team to implement identified attacks and techniques
Define mitigation steps for attack techniques
Educate and enable customer success and sales engineers on XM products and best practices
Working with XM customers over XM products findings
Publishing security research blogs and presenting at security conferences
Stay up-to-date with the latest security trends, technologies, and best practices

Requirements:

At least 10 years of experience in cybersecurity, with a focus on security research
At least 5 years of proven experience leading a technical team of senior security specialists
Experience in developing, extending, or modifying exploits, shellcode or exploit tools
Experience with penetration testing and red teaming
Strong knowledge of current adversary techniques, tactics, and procedures
Strong knowledge of cloud environments (AWS/GCP/Azure/Kubernetes) as well as organizational infrastructure(IDPs, Active Directory)
In-depth understanding of organizational security, risks, and potential attack vectors
Excellent leadership, communication, innovation, and problem-solving skills

Great To Have:

B.Sc. in Computer Science or equivalent military background
Proven experience with endpoint protection detections mechanism
Reverse Engineering skills: familiar with debuggers, disassemblers, protocols and file formats
Programming and scripting knowledge, ability to write and understand code in various languages
Relevant certifications such as CISM, OSCP, or CEH or equivalent
Experience presenting in security conferences