Were seeking a Security Researcher to expand our products micro‑segmentation capabilities, advance our research function, and lead threat modeling and detection efforts against modern attack techniques across enterprise, hybrid, and cloud environments. Youll research and simulate real‑world threats, design defenses, help adapt our technology to diverse architectures, and contribute to our open‑source security tools and public research presence.
Responsibilities:
Lead research into modern security threats, with emphasis on lateral movement, privilege escalation, and post‑compromise techniques across on‑prem, hybrid, and cloud environments.
Analyze and model enterprise infrastructure, networking, and identity systems to identify attack surfaces and opportunities for segmentation.
Work closely with product and engineering teams to design and validate new security controls, detection logic, and segmentation strategies.
Research and exploit misconfigurations or weaknesses in identity systems, networking, authentication protocols, and platform services.
Build proof‑of‑concept attacks and detection techniques that inform both our commercial product and our open‑source projects.
Contribute to the development and maintenance of open‑source security tools, threat simulations, and internal research frameworks.
Produce high‑quality technical blog posts, research papers, talks, and online content to share findings and strengthen our presence in the security community.
Responsibilities:
Lead research into modern security threats, with emphasis on lateral movement, privilege escalation, and post‑compromise techniques across on‑prem, hybrid, and cloud environments.
Analyze and model enterprise infrastructure, networking, and identity systems to identify attack surfaces and opportunities for segmentation.
Work closely with product and engineering teams to design and validate new security controls, detection logic, and segmentation strategies.
Research and exploit misconfigurations or weaknesses in identity systems, networking, authentication protocols, and platform services.
Build proof‑of‑concept attacks and detection techniques that inform both our commercial product and our open‑source projects.
Contribute to the development and maintenance of open‑source security tools, threat simulations, and internal research frameworks.
Produce high‑quality technical blog posts, research papers, talks, and online content to share findings and strengthen our presence in the security community.
Requirements:
Proven experience in security research, penetration testing, red teaming, or advanced defensive security engineering.
Strong understanding of networking, identity, authentication, and authorization concepts in enterprise and hybrid environments.
Familiarity with lateral movement, privilege escalation, and post‑exploitation techniques on modern platforms (Windows, Linux, Active Directory, cloud, or hybrids thereof).
Experience with programming and scripting language (e.g., C/C++, Python, Go) for building tools and research prototypes.
Experience contributing to or maintaining open‑source security tools or public research projects.
Data analysis skills (e.g., Elasticsearch, pandas, log pipelines) for processing and analyzing large security datasets.
Knowledge of detection engineering, telemetry analysis, and log‑based threat hunting.
Prior experience publishing research, speaking at conferences, webinars, or producing technical content.
Bonus: Experience with cloud platforms (AWS, Azure, GCP), endpoint or identity security, kernel or OS‑level internals, or security product development.
Proven experience in security research, penetration testing, red teaming, or advanced defensive security engineering.
Strong understanding of networking, identity, authentication, and authorization concepts in enterprise and hybrid environments.
Familiarity with lateral movement, privilege escalation, and post‑exploitation techniques on modern platforms (Windows, Linux, Active Directory, cloud, or hybrids thereof).
Experience with programming and scripting language (e.g., C/C++, Python, Go) for building tools and research prototypes.
Experience contributing to or maintaining open‑source security tools or public research projects.
Data analysis skills (e.g., Elasticsearch, pandas, log pipelines) for processing and analyzing large security datasets.
Knowledge of detection engineering, telemetry analysis, and log‑based threat hunting.
Prior experience publishing research, speaking at conferences, webinars, or producing technical content.
Bonus: Experience with cloud platforms (AWS, Azure, GCP), endpoint or identity security, kernel or OS‑level internals, or security product development.
This position is open to all candidates.
