דרושים » אבטחת מידע וסייבר » Security Researcher

We are looking for a Cyber Security Researcher to drive innovation in security defenses for on-premises and cloud environments. Your primary focus will be twofold:

1. Researching and developing novel defensive mechanisms to detect and mitigate advanced threats.

2. Contributing to open-source security tools by developing new solutions and enhancing existing ones.If you have a passion for security research, a strong technical foundation, and a drive to make meaningful contributions to the cybersecurity community, wed love to hear from you.


Responsibilities:
Research and prototype novel security defense techniques for on-prem and cloud-based systems

Analyze modern attack techniques and develop countermeasures to mitigate them.

Design, develop, and improve open-source security tools to help defenders detect and respond to threats.

Reverse engineer malware, attack tools, and security mechanisms to identify vulnerabilities and improvements.

Investigate Windows internals and authentication protocols (NTLM, Kerberos, SAML, OAuth) to enhance security defenses.Write secure, efficient, and maintainable C/C++ code for research and tooling purposes.

Collaborate with the security research community and contribute to blogs, whitepapers, and conference talks.

Stay ahead of the evolving threat landscape and propose innovative security solutions.

This role is offered as a hybrid, with the expectation to be in the office 3 days per week in Tel Aviv, Israel. We can only accept applications from those based in Israel or who have sponsorship to live and work in Israel.

What you can expect to do in this role:
iOS Security Analysis: Conduct in-depth analysis of iOS security mechanisms, including the secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection. Identify weaknesses and potential vulnerabilities within the iOS ecosystem.
Vulnerability Assessment: Perform comprehensive vulnerability assessments of iOS applications using industry-standard frameworks such as MITRE, OWASP Mobile Security Testing Guide, and tools like Burp Suite. Identify and document security issues and propose mitigation strategies.
Attack Vector Analysis: Explore potential attack vectors that could compromise iOS devices and applications. Develop a deep understanding of the iOS threat landscape and post-exploit scenarios to anticipate and counteract security threats effectively.
Reverse Engineering: Utilize reverse engineering techniques and tools such as IDA Pro, Hopper, and Ghidra to dissect iOS applications and firmware. Analyze binaries, disassemble code, and reverse engineer software components to uncover vulnerabilities and weaknesses.
Privilege Escalation Research: Investigate iOS privilege escalation techniques and vulnerabilities, staying ahead of potential threats. Research and develop countermeasures to protect against privilege escalation attacks.
Development Contributions: While not mandatory, the ability to develop security-related tools, scripts is an advantage. Contribute to the creation of custom tools or enhancements that aid in mobile forensic analysis and security assessments.
Documentation and Reporting: Create detailed reports and documentation of security findings, methodologies, and recommended solutions. Communicate research results effectively to both technical and non-technical stakeholders through written reports and presentations.
Collaboration: Collaborate closely with cross-functional teams, including fellow researchers, software developers, and cybersecurity experts, to share insights, collaborate on security initiatives, and contribute to the development of secure mobile solutions.
Stay Current: Continuously monitor and stay up-to-date with the latest developments in iOS security, vulnerabilities, and exploits. Contribute to threat intelligence by sharing relevant information with the team.

The Research team at our company takes on the immense challenge of identifying and stopping malicious activity across vast streams of traffic. By crafting innovative solutions, we empower our products to make trillions of decisions every day with unparalleled precision. Our work directly impacts the safety of the internet and ensures that our company remains the best-in-class solution for our customers, standing strong against the ever-evolving tactics of attackers.
Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet our company.
What you'll do:
Play a lot with the web-browsers, trying to find differences in behavior between them.
Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.
Understand customer specific requirements, deliver with impact and exceed customer expectations.
Discover adversary tactics, techniques, and procedures leveraged by bots.
Create and validate data insights to enhance detection excellence.
Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.
Find bad stuff on the internet, see if you can figure out how it is done, document it.
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.
Contribute high impact work that substantially benefits team level metrics and OKRs.
Develop techniques, tools and scripts to simplify yours and others work.

Were looking for a highly technical and creative Security Researcher to join our research group. This role is central to navigating complex security landscapes, advancing our CNAPP offerings, crafting sophisticated algorithms, and pioneering cloud security research. Working alongside a diverse team, youll explore the cutting edge of cloud and AI-driven security, uncovering critical vulnerabilities, developing novel detection techniques, and driving impactful research publications. Join us in shaping the future of cloud security, where your work not only advances our technology but also deeply resonates with our commitment to exceeding customer expectations, streamlining for simplicity, and tackling challenges with creative solutions.
Responsibilities :
Collaborate with teams across the organization, including Product, Frontend, DevOps, and GTM, to develop and integrate top-tier features.
Conduct deep technical research into cloud-native environments.
Lead initiatives from their inception through to deployment, emphasizing backend system efficiency, scalability, and reliability.
Innovate in Defense Evasion, amplifying the capabilities of our agents and engines.
Forge new paths in cloud security research and cyber security algorithm development.
Deep dive into threat detection and product content that provide deep insights and added value to our customers.

We are expanding the Security Research team for which we are looking for highly skilled and passionate Senior Security Researchers focusing on GenAI, AI Agents / Agentic AI, and their interaction with Low-Code and No-Code platforms. The ideal candidate should have a minimum of 5 years of relevant experience and a strong background in conducting research, identifying vulnerabilities, and performing in-depth analysis of web and API security within cloud environments. This role offers a unique opportunity to contribute to the security of emerging technologies that are transforming the way people and organizations use computers.

we are looking for a talented and creative Senior Security Researcher with experience conducting low and high level research on Browsers to join our Cyber R&D.

Our Javascript SDK runs on 100M+ users worldwide everyday. It collects advanced and unique digital intelligence data points that help catch the bad guys. It is highly performant and maintains strict privacy standards, running on a very broad device and browser landscape.

Data points created by SDK feed our rich data aggregation and enrichment systems, allowing for extremely high and accurate decision making. Very high scale data streams produced by the SDK are handled by servers which are also written and maintained by our team, and youll take part in owning those systems too.

What you'll be doing:

Lead Web/Browsers research in the team.
Research new methods and mechanisms for collecting data, design and develop for the SDK, making it bulletproof and highly performant, and push the new features value in the organisation.
Research the ins and outs of Browser APIs and how they work under the hood, investigate lesser known features and understand upcoming new features.
Take ownership of the entire data flow process - from concept to implementation.
Collaborate closely with analytics and engineering teams to produce value for the company.
Deliver and deploy the SDK to thousands of merchants, 100M+ users every day, making sure its safe, stable, does not interfere with user experience, or website functionality.
Make sure we keep up to date with all the latest browser technologies and changes, important Web standards, features and protocols, security and privacy requirements etc.

We're looking for an Application Security Researcher with a strong AppSec background to join our growing team and push the boundaries of what modern application security can do.

Passionate about AppSec? Ready to shape the future of application security tooling? Join us.

Responsibilities:

Build and maintain an advanced security research lab to test, evaluate, and supercharge detection tools.
Analyze tools across multiple domains: SAST, SCA, DAST, Secret Detection, IaC Scanning, Container Scanning, CSPM, and more.
Identify detection gaps and develop techniques and rules to close them.
Leverage Python and AI practices to automate research and drive smarter detection strategies.
Monitor emerging threats, CVEs, and high-profile incidents - and develop relevant detection content and platform enhancements.
Write and publish technical content covering vulnerabilities, detection strategies, incident analysis, and research findings.
Collaborate closely with engineering, product, and marketing to translate research into product innovation and thought leadership.

We are an early-stage startup, looking for a technical leader to lead our research & innovation department. Youll lead the Research function at the intersection of Cybersecurity AI and payment fraud prevention. Were revolutionizing B2B payments with cutting-edge technologies, and need a talented, detail-oriented leader to drive our security research efforts and make a real impact on how enterprises secure their payment flows.
What Youll Do:
Build & Lead a World-Class Team: Scale our Research group from 2 to 4 experts, mentoring them to tackle an underserved problem in payment security.
Define the Research Roadmap: Own the strategy for discovering attack trends, vulnerabilities, and fraud methods in B2B payment processes.
Hands-On Research: Hunt emerging threatsinvestigate supply-chain and payment-flow attacks, quantify impact, and prototype novel detection/remediation tools.
Cross-Functional Collaboration: Partner with Product, Engineering, and Threat Intelligence to transform research insights into features that enhance our AI-driven security platform.
Customer & Industry Engagement: Present findings to strategic customer leaders and at conferences; publish whitepapers or blog posts that establish our domain expertise.
Incubate & Operationalize PoCs: Turn proofs-of-concept into production-ready product capabilities that preemptively defend against next-gen payment fraud.
Balance Long-Term Vision & Short-Term Wins: Maintain an action-oriented mindset to deliver both immediate research outputs and foundational work for future product pillars.

The Research team at our company takes on the immense challenge of identifying and stopping malicious activity across vast streams of traffic. By crafting innovative solutions, we empower our products to make trillions of decisions every day with unparalleled precision. Our work directly impacts the safety of the internet and ensures that our company remains the best-in-class solution for our customers, standing strong against the ever-evolving tactics of attackers.
Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet our company.
What you'll do:
Play a lot with the web-browsers, trying to find differences in behavior between them.
Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.
Understand customer specific requirements, deliver with impact and exceed customer expectations.
Discover adversary tactics, techniques, and procedures leveraged by bots.
Create and validate data insights to enhance detection excellence.
Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.
Find bad stuff on the internet, see if you can figure out how it is done, document it.
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.
Contribute high impact work that substantially benefits team level metrics and OKRs.
Develop techniques, tools and scripts to simplify yours and others work.

The CSO Security team is looking for a Senior Application Security Researcher. In this role, you will perform vulnerability research, assess existing architectures, and build and run tools to secure the application landscape at scale. You will work closely with R&D and DevOps teams and be the focal point for identifying and solving complex security challenges. This is a hands-on, development-focused role with the goal of ensuring our products adhere to the stringent security requirements of our thousands of customers.
As a Senior Application Security Researcher you will
Continuously assess and challenge our overall security posture to ensure optimal and up-to-date platform security in our products and systems
Evaluate architecture, design, and code to ensure they are free from potential vulnerabilities and security risks
Train and mentor developers about security frameworks, testing, vulnerabilities, and best practices to ensure code compliance
Evaluate new technologies and standards in the application security domain
Plan and lead cross-company efforts with the R&D that will improve JFrogs security posture.