XM Cyber is a global leader in hybrid cloud security. XM Cyber brings a new approach that uses the attacker’s perspective to find and remediate critical attack paths across on-premises and multi-cloud networks. The XM Cyber platform enables companies to rapidly prioritize and respond to cyber risks affecting their business-sensitive systems. XM Cyber is looking for a Director of Security Research to lead the research group. Lead a group of experts responsible at identifying attack methodologies and develop strategies to defend against them. You will be responsible for creating security detections from the research phase, through the development phase, and finalizing with the release to customers followed by an on-going accuracy monitoring for optimization and improvements. You will report to the SVP of Product and Research and oversee the following responsibilities.At XM Cyber, you’ll be faced with complex security challenges and hands-on opportunities, simulating real-world targeted attacks, through the perspective of an advanced threat actor. Our main goal is to help our customers protect their environments through comprehensive simulation and real time detections. You are expected to quickly grasp new information and investigate new attack vectors. You will be expected to lead security researchers and deep dive into new security tactics, techniques and procedures (TTPs) and properly assess their value to the product. ?Your Day To Day Will Be:
* Leading research roadmap, innovation, defining KPIs and research methodology
* Mentor and improve team members
* Research and analyze n-day vulnerabilities
* Research attack vectors on different operating systems
* Research IaaS and SaaS attack vectors on multiple cloud providers
* Define real time detection within cloud workload and control plane
* Collaborate with the development and product team to implement identified attacks and techniques
* Define mitigation steps for attack techniques
* Educate and enable customer success and sales engineers on XM products and best practices
* Working with XM customers over XM products findings
* Publishing security research blogs and presenting at security conferences
* Stay up-to-date with the latest security trends, technologies, and best practices
* Leading research roadmap, innovation, defining KPIs and research methodology
* Mentor and improve team members
* Research and analyze n-day vulnerabilities
* Research attack vectors on different operating systems
* Research IaaS and SaaS attack vectors on multiple cloud providers
* Define real time detection within cloud workload and control plane
* Collaborate with the development and product team to implement identified attacks and techniques
* Define mitigation steps for attack techniques
* Educate and enable customer success and sales engineers on XM products and best practices
* Working with XM customers over XM products findings
* Publishing security research blogs and presenting at security conferences
* Stay up-to-date with the latest security trends, technologies, and best practices
Requirements:
* At least 10 years of experience in cybersecurity, with a focus on security research
* At least 5 years of proven experience leading a technical team of senior security specialists
* Experience in developing, extending, or modifying exploits, shellcode or exploit tools
* Experience with penetration testing and red teaming
* Strong knowledge of current adversary techniques, tactics, and procedures
* Strong knowledge of cloud environments (AWS/GCP/Azure/Kubernetes) as well as organizational infrastructure(IDPs, Active Directory)
* In-depth understanding of organizational security, risks, and potential attack vectors
* Excellent leadership, communication, innovation, and problem-solving skills Great To Have:
* B.Sc. in Computer Science or equivalent military background
* Proven experience with endpoint protection detections mechanism
* Reverse Engineering skills: familiar with debuggers, disassemblers, protocols and file formats
* Programming and scripting knowledge, ability to write and understand code in various languages
* Relevant certifications such as CISM, OSCP, or CEH or equivalent
* Experience presenting in security conferences
* At least 10 years of experience in cybersecurity, with a focus on security research
* At least 5 years of proven experience leading a technical team of senior security specialists
* Experience in developing, extending, or modifying exploits, shellcode or exploit tools
* Experience with penetration testing and red teaming
* Strong knowledge of current adversary techniques, tactics, and procedures
* Strong knowledge of cloud environments (AWS/GCP/Azure/Kubernetes) as well as organizational infrastructure(IDPs, Active Directory)
* In-depth understanding of organizational security, risks, and potential attack vectors
* Excellent leadership, communication, innovation, and problem-solving skills Great To Have:
* B.Sc. in Computer Science or equivalent military background
* Proven experience with endpoint protection detections mechanism
* Reverse Engineering skills: familiar with debuggers, disassemblers, protocols and file formats
* Programming and scripting knowledge, ability to write and understand code in various languages
* Relevant certifications such as CISM, OSCP, or CEH or equivalent
* Experience presenting in security conferences
This position is open to all candidates.