דרושים » אבטחת מידע וסייבר » Security Researcher

We are looking for an experienced malware researcher to lead our malware research team.
As a Malware Research Team Lead, you will lead research on source code, compiled code, and various software supply chain attacks. The position requires proven experience in researching malicious code, understanding supply chain attack techniques, and experience in developing malware monitoring and analysis automation.
As a Malware Research Team Lead you will...
Lead a team of experienced malware researchers to discover malicious code in open source & new supply chain attack techniques
Research malicious code in public repositories from various coding languages and technologies
Define and implement ways to automatically detect malicious code in open-source software
Write technical reports and outward-facing publications regarding all research subjects mentioned above
Present your teams research in local and international security conventions.

We are looking for an experienced Vulnerability Researcher to lead our world-class vulnerability research team.
As a Vulnerability Researcher Team Lead, you will perform research and responsible disclosure on the latest open-source software, working with your team to find flaws in the most popular components today. The position requires proven experience in vulnerability research, both on web applications and native applications.
As a Vulnerability Researcher Team Lead you will...
Research zero-day vulnerabilities in open-source projects and popular web applications
Manage a team of senior researchers, setting the teams research targets and methodologies
Manage the coordinated disclosure process for vulnerabilities identified by the team
Write & review technical blogposts for vulnerabilities identified by the team
Speak in the most important global security conferences about vulnerabilities identified by the team.

We are looking for a Sr Principal Linux Security Researcher for our Tel Aviv R&D center, to work on cortex-xdr for linux, which provides runtime protection to servers and cloud workloads.
You will be part of a team that is in charge of researching, developing and improving Anti-Exploit capabilities, Anti-malware capabilities. The position includes researching OS internals, exploits, malware, delving into cloud security, and finding ways to mitigate new attack vectors.
Your Impact:
Research, develop, and improve anti-exploitation mitigations and anti-malware modules - ranging from low-level mitigations up to tackling application-level security vulnerabilities
Work on the design, evaluation, and implementation of new security technologies
Research Linux OS internals, kernel, application codebases, vulnerabilities and exploits (Mostly internal usage but also PR)
Analyze customer issues to help with detecting and preventing malicious activities in our customers networks.

This role is offered as a hybrid, with the expectation to be in the office 3 days per week in Tel Aviv, Israel. We can only accept applications from those based in Israel or who have sponsorship to live and work in Israel.

What you can expect to do in this role:
iOS Security Analysis: Conduct in-depth analysis of iOS security mechanisms, including the secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection. Identify weaknesses and potential vulnerabilities within the iOS ecosystem.
Vulnerability Assessment: Perform comprehensive vulnerability assessments of iOS applications using industry-standard frameworks such as MITRE, OWASP Mobile Security Testing Guide, and tools like Burp Suite. Identify and document security issues and propose mitigation strategies.
Attack Vector Analysis: Explore potential attack vectors that could compromise iOS devices and applications. Develop a deep understanding of the iOS threat landscape and post-exploit scenarios to anticipate and counteract security threats effectively.
Reverse Engineering: Utilize reverse engineering techniques and tools such as IDA Pro, Hopper, and Ghidra to dissect iOS applications and firmware. Analyze binaries, disassemble code, and reverse engineer software components to uncover vulnerabilities and weaknesses.
Privilege Escalation Research: Investigate iOS privilege escalation techniques and vulnerabilities, staying ahead of potential threats. Research and develop countermeasures to protect against privilege escalation attacks.
Development Contributions: While not mandatory, the ability to develop security-related tools, scripts is an advantage. Contribute to the creation of custom tools or enhancements that aid in mobile forensic analysis and security assessments.
Documentation and Reporting: Create detailed reports and documentation of security findings, methodologies, and recommended solutions. Communicate research results effectively to both technical and non-technical stakeholders through written reports and presentations.
Collaboration: Collaborate closely with cross-functional teams, including fellow researchers, software developers, and cybersecurity experts, to share insights, collaborate on security initiatives, and contribute to the development of secure mobile solutions.
Stay Current: Continuously monitor and stay up-to-date with the latest developments in iOS security, vulnerabilities, and exploits. Contribute to threat intelligence by sharing relevant information with the team.

We are looking for a Cyber Security Researcher to drive innovation in security defenses for on-premises and cloud environments. Your primary focus will be twofold:

1. Researching and developing novel defensive mechanisms to detect and mitigate advanced threats.

2. Contributing to open-source security tools by developing new solutions and enhancing existing ones.If you have a passion for security research, a strong technical foundation, and a drive to make meaningful contributions to the cybersecurity community, wed love to hear from you.


Responsibilities:
Research and prototype novel security defense techniques for on-prem and cloud-based systems

Analyze modern attack techniques and develop countermeasures to mitigate them.

Design, develop, and improve open-source security tools to help defenders detect and respond to threats.

Reverse engineer malware, attack tools, and security mechanisms to identify vulnerabilities and improvements.

Investigate Windows internals and authentication protocols (NTLM, Kerberos, SAML, OAuth) to enhance security defenses.Write secure, efficient, and maintainable C/C++ code for research and tooling purposes.

Collaborate with the security research community and contribute to blogs, whitepapers, and conference talks.

Stay ahead of the evolving threat landscape and propose innovative security solutions.

We are expanding the Security Research team for which we are looking for highly skilled and passionate Senior Security Researchers focusing on GenAI, AI Agents / Agentic AI, and their interaction with Low-Code and No-Code platforms. The ideal candidate should have a minimum of 5 years of relevant experience and a strong background in conducting research, identifying vulnerabilities, and performing in-depth analysis of web and API security within cloud environments. This role offers a unique opportunity to contribute to the security of emerging technologies that are transforming the way people and organizations use computers.

The CSO Security team is looking for a Senior Application Security Researcher. In this role, you will perform vulnerability research, assess existing architectures, and build and run tools to secure the application landscape at scale. You will work closely with R&D and DevOps teams and be the focal point for identifying and solving complex security challenges. This is a hands-on, development-focused role with the goal of ensuring our products adhere to the stringent security requirements of our thousands of customers.
As a Senior Application Security Researcher you will
Continuously assess and challenge our overall security posture to ensure optimal and up-to-date platform security in our products and systems
Evaluate architecture, design, and code to ensure they are free from potential vulnerabilities and security risks
Train and mentor developers about security frameworks, testing, vulnerabilities, and best practices to ensure code compliance
Evaluate new technologies and standards in the application security domain
Plan and lead cross-company efforts with the R&D that will improve JFrogs security posture.

We are seeking an experienced Vulnerability Researcher to join our team, where our ethos of customer-centric problem solving, ownership, professionalism, and resourcefulness are at the heart of everything we do. The team faces complex research issues daily, solving new challenges and constantly improving the existing solutions. In this key position, you'll dive deep into complex security puzzles, pushing the boundaries of our vulnerability research and solutions. Collaborating on challenges with our team means working with the leading cloud platforms (AWS, GCP, Azure) and leveraging advanced technologies like Kubernetes, EBPF, Docker, and more.
Responsibilities :
Vulnerability research in the major Cloud providers and cutting-edge technologies.
Collaborate with teams across the organization, including Product, and GTM, to develop and integrate top-tier features.
Conduct deep technical research into cloud-native environments.
Lead offensive investigations in Kubernetes, eBPF, AI/ML‑based anomaly detection, and runtime security, translating findings into production‑grade detections.
Create authoritative content white‑papers, conference papers, blogs, and release notes that educate users and elevate Upwinds brand.
Deep dive into threat detection and product content that provide our customers deep insights and added value.

Required Principal Security Researcher - Agent ML (Cortex)
Who We Are
We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.
As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!
Your Career:
Are you passionate about using cutting-edge technology to help protect the world against cyber threats? Do you live and breathe the cyber security world? Do you want to take part in an innovative and disruptive AI security group that has an impact on many customers?
You will be part of a strong security research and data science team who solve highly complex security challenges using disruptive technologies, ML algorithms and a lot of data.
As part of that, you will take part in the design and development of new groundbreaking AI security solutions which make a direct impact on many customers.
We value diverse viewpoints and experiences, as we are solving complex cyber security challenges. We are committed to a safe and inclusive workspace.
Your Impact:
Be at the forefront of security innovation, building next-gen detection capabilities powered by machine learning, big data, and deep threat intelligence.
Dive deep into low-level systems, reverse engineering, and file-type behavior to uncover novel attack vectors - and then turn that insight into scalable, ML-driven protections.
Work hand-in-hand with rockstar data scientists, engineers, and PMs in a fast-paced, collaborative environment where ideas move quickly from whiteboard to production.
Lead high-impact research initiatives that fuse classic security expertise with modern data science - shaping models, influencing pipelines, and driving real-world protection outcomes.
Be a key player in a multidisciplinary team where your deep security expertise will directly influence ML model design, data pipeline strategy, and real-world product impact.

We are seeking a highly skilled and experienced Windows Malware Security Researcher to join our growing Windows malware research team. In this role, you will play a key part in enhancing our Endpoint Detection and Response (EDR) agent by prototyping new protection components and techniques and developing advanced malware prevention strategies. You will work on identifying, analyzing, and mitigating sophisticated threats, Working closely with various teams to drive innovation.
The proposed role will be part of the Windows malware research team of the Cortex-XDR agent group.
You will focus primarily on our cutting-edge agent technology, with an emphasis on real-time prevention on Windows endpoints. A deep understanding of the Windows Operating System is essential
Your Impact:
Playing a pivotal role in shaping the future of our security solutions.
enhance the effectiveness of our EDR product by designing cutting-edge protection components and developing sophisticated prevention rules
Researching OS internals and how Windows works under the hood - leveraging this knowledge to develop and improve our anti-malware mechanisms and capabilities
Research and lead novel protection ideas to production-grade level, serving as the feature subject matter expert
Research new malware and APT mitigation techniques and develop corresponding capabilities (POC level) or improve existing mitigation capabilities.
Respond to malware-based security events at clients networks.
Stay up to date with current malware and APT techniques.
You will provide feedback to the product management team on new feature requests and product enhancements from our customer base
Find new malware techniques and APT attacks including analysis of caught-in-the-wild malware.