We are seeking a Principal/Senior Security Researcher to lead proactive research into emerging abuse patterns across agentic and modern endpoint environments. This includes browser extensions, SaaS- and web-delivered code, autonomous agents, MCPs and related tooling, and other forms of non-binary software that do not fit neatly into a traditional malware-focused model.
In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.
You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
Key Responsibilities
Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.
Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.
Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.
Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.
Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.
Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.
In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.
You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
Key Responsibilities
Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.
Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.
Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.
Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.
Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.
Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.
Requirements:
At least 4-5 years in cybersecurity with a track record of principal-level ownership in security research, threat research, threat intelligence, detection engineering, incident response, or a closely related discipline: self-directed programs, technical leadership on hard problems, and sustained impact on product or operations.
Demonstrated depth in offensive tradecraft and how it manifests in modern endpoint, SaaS/browser, or adjacent telemetry, not limited to commodity malware workflows.
Strong hands-on technical skills: scripting for analysis (e.g., Python), SQL, investigative query languages analysis, and low-level inspection of behaviors and artifacts appropriate to principal-level research.
Proven ability to initiate research from weak signals or open questions, not only execute on predefined queues; comfort operating with incomplete data and tightening rigor over time.
Excellent written and verbal communication; ability to persuade cross-functional partners and explain strategic tradeoffs among threat coverage and detection quality, false positives, analyst and engineering workload, and system performance at scale.
Experience collaborating with senior engineering and product leaders to land complex changes; judgment on when to ship, when to instrument further, and when to stop a line of inquiry.
At least 4-5 years in cybersecurity with a track record of principal-level ownership in security research, threat research, threat intelligence, detection engineering, incident response, or a closely related discipline: self-directed programs, technical leadership on hard problems, and sustained impact on product or operations.
Demonstrated depth in offensive tradecraft and how it manifests in modern endpoint, SaaS/browser, or adjacent telemetry, not limited to commodity malware workflows.
Strong hands-on technical skills: scripting for analysis (e.g., Python), SQL, investigative query languages analysis, and low-level inspection of behaviors and artifacts appropriate to principal-level research.
Proven ability to initiate research from weak signals or open questions, not only execute on predefined queues; comfort operating with incomplete data and tightening rigor over time.
Excellent written and verbal communication; ability to persuade cross-functional partners and explain strategic tradeoffs among threat coverage and detection quality, false positives, analyst and engineering workload, and system performance at scale.
Experience collaborating with senior engineering and product leaders to land complex changes; judgment on when to ship, when to instrument further, and when to stop a line of inquiry.
This position is open to all candidates.
