דרושים » אבטחת מידע וסייבר » Malware Researcher (5661)

We are looking for a Malware Analysis Team Leader with a deep focus on cybercrime investigations to lead a dynamic team of experts dedicated to identifying, analyzing, publishing, and mitigating cybercrime-related threats. This leadership role will drive advanced malware analysis efforts, conduct threat research, publish in top conferences and blogs, and coordinate with internal and external stakeholders to combat and prevent cybercriminal activities. The ideal candidate will have strong technical expertise in malware reverse engineering, a deep understanding of cybercrime tactics, and excellent communication skills, including the ability to present findings clearly and publish research for internal stakeholders and the broader cybersecurity community.

Key Responsibilities
Lead the Malware Analysis Team: Manage and mentor a team of skilled researchers on identifying, analyzing, and mitigating malware associated with cybercrime, including ransomware, banking Trojans, exploit kits, and other forms of cybercriminal malware.
Cybercrime Threat Intelligence: Collaborate with threat intelligence teams to analyze malware in the context of cybercrime syndicates and criminal activity. Identify trends, tactics, and patterns in malware usage by cybercriminal groups and provide actionable intelligence to relevant teams and external partners.
Malware Reverse Engineering: Lead efforts in reverse-engineering malicious software, tracking variants, and identifying attack techniques, tactics, and procedures (TTPs) cybercriminal actors use.
Cross-Functional Collaboration: Work closely with internal teams (e.g., Incident Response, Threat Intelligence, SOC) and external stakeholders (e.g., law enforcement, CERT, threat intelligence providers) to share findings, collaborate on investigations and coordinate actions to disrupt cybercrime activities.
Publication and Thought Leadership: Produce detailed, high-quality research reports and technical papers based on malware analysis and cybercrime investigations. Contribute to the publication of findings in industry-leading forums, conferences, and journals, establishing the organization as a thought leader in cybersecurity.
Presentations and Reporting: Prepare and deliver presentations to technical and non-technical stakeholders, including executives, legal teams, and law enforcement. Communicate complex findings, research insights, and actionable intelligence on cybercrime and malware trends.
Training and Development: Mentored junior team members, providing guidance on malware analysis techniques, threat hunting, and reporting. Foster a culture of continuous improvement, encouraging knowledge sharing and professional development within the team.

We are looking for a Cyber Security Researcher to drive innovation in security defenses for on-premises and cloud environments. Your primary focus will be twofold:

1. Researching and developing novel defensive mechanisms to detect and mitigate advanced threats.

2. Contributing to open-source security tools by developing new solutions and enhancing existing ones.If you have a passion for security research, a strong technical foundation, and a drive to make meaningful contributions to the cybersecurity community, wed love to hear from you.


Responsibilities:
Research and prototype novel security defense techniques for on-prem and cloud-based systems

Analyze modern attack techniques and develop countermeasures to mitigate them.

Design, develop, and improve open-source security tools to help defenders detect and respond to threats.

Reverse engineer malware, attack tools, and security mechanisms to identify vulnerabilities and improvements.

Investigate Windows internals and authentication protocols (NTLM, Kerberos, SAML, OAuth) to enhance security defenses.Write secure, efficient, and maintainable C/C++ code for research and tooling purposes.

Collaborate with the security research community and contribute to blogs, whitepapers, and conference talks.

Stay ahead of the evolving threat landscape and propose innovative security solutions.

Conduct penetration testing on applications and network environments to identify vulnerabilities and security gaps.
Develop and document testing plans and penetration test reports with clear findings and recommendations.
Perform reconnaissance and network surveys to assess target environments.
Research security tools, exploits, and emerging threats, contributing to blogs and knowledge-sharing initiatives.
Analyze vulnerabilities, exploit weaknesses, and escalate access where applicable.
Assist in malware analysis and breach investigations to support incident response efforts.
Stay up to date with the latest attack techniques, tools, countermeasures, and technologies.
Mentor new team members and contribute to the development of tools, templates, and methodologies for penetration testing.

a Threat Researcher to join its Threat Intelligence Analysis (TIA) team. The team is responsible of discovering, analyzing and tracking advanced threat actors and campaigns, with a strong focus on high-end cybercrime and state-sponsored activities. You will join a team of motivated, independent & highly technical individuals and contribute the effort to protect customers and empower the brand.



Key Responsibilities
Identify, understand and monitor advanced campaigns using publicly available sources as well as internal telemetry.
Analyze malware and other hacking tools utilized by threat actors in active campaigns and intrusions.
Create technical research content for public and private intelligence reports.
Help build protections and detections based on deep understanding of advanced threat actors Tactics Techniques and Procedures (TTPs).
Collaborate with other security teams to assist threat intelligence and research tasks.

We are looking for an experienced malware researcher to lead our malware research team.
As a Malware Research Team Lead, you will lead research on source code, compiled code, and various software supply chain attacks. The position requires proven experience in researching malicious code, understanding supply chain attack techniques, and experience in developing malware monitoring and analysis automation.
As a Malware Research Team Lead you will...
Lead a team of experienced malware researchers to discover malicious code in open source & new supply chain attack techniques
Research malicious code in public repositories from various coding languages and technologies
Define and implement ways to automatically detect malicious code in open-source software
Write technical reports and outward-facing publications regarding all research subjects mentioned above
Present your teams research in local and international security conventions.

This role is offered as a hybrid, with the expectation to be in the office 3 days per week in Tel Aviv, Israel. We can only accept applications from those based in Israel or who have sponsorship to live and work in Israel.

What you can expect to do in this role:
iOS Security Analysis: Conduct in-depth analysis of iOS security mechanisms, including the secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection. Identify weaknesses and potential vulnerabilities within the iOS ecosystem.
Vulnerability Assessment: Perform comprehensive vulnerability assessments of iOS applications using industry-standard frameworks such as MITRE, OWASP Mobile Security Testing Guide, and tools like Burp Suite. Identify and document security issues and propose mitigation strategies.
Attack Vector Analysis: Explore potential attack vectors that could compromise iOS devices and applications. Develop a deep understanding of the iOS threat landscape and post-exploit scenarios to anticipate and counteract security threats effectively.
Reverse Engineering: Utilize reverse engineering techniques and tools such as IDA Pro, Hopper, and Ghidra to dissect iOS applications and firmware. Analyze binaries, disassemble code, and reverse engineer software components to uncover vulnerabilities and weaknesses.
Privilege Escalation Research: Investigate iOS privilege escalation techniques and vulnerabilities, staying ahead of potential threats. Research and develop countermeasures to protect against privilege escalation attacks.
Development Contributions: While not mandatory, the ability to develop security-related tools, scripts is an advantage. Contribute to the creation of custom tools or enhancements that aid in mobile forensic analysis and security assessments.
Documentation and Reporting: Create detailed reports and documentation of security findings, methodologies, and recommended solutions. Communicate research results effectively to both technical and non-technical stakeholders through written reports and presentations.
Collaboration: Collaborate closely with cross-functional teams, including fellow researchers, software developers, and cybersecurity experts, to share insights, collaborate on security initiatives, and contribute to the development of secure mobile solutions.
Stay Current: Continuously monitor and stay up-to-date with the latest developments in iOS security, vulnerabilities, and exploits. Contribute to threat intelligence by sharing relevant information with the team.

We are expanding the Security Research team for which we are looking for highly skilled and passionate Senior Security Researchers focusing on GenAI, AI Agents / Agentic AI, and their interaction with Low-Code and No-Code platforms. The ideal candidate should have a minimum of 5 years of relevant experience and a strong background in conducting research, identifying vulnerabilities, and performing in-depth analysis of web and API security within cloud environments. This role offers a unique opportunity to contribute to the security of emerging technologies that are transforming the way people and organizations use computers.

The Research team at our company takes on the immense challenge of identifying and stopping malicious activity across vast streams of traffic. By crafting innovative solutions, we empower our products to make trillions of decisions every day with unparalleled precision. Our work directly impacts the safety of the internet and ensures that our company remains the best-in-class solution for our customers, standing strong against the ever-evolving tactics of attackers.
Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet our company.
What you'll do:
Play a lot with the web-browsers, trying to find differences in behavior between them.
Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.
Understand customer specific requirements, deliver with impact and exceed customer expectations.
Discover adversary tactics, techniques, and procedures leveraged by bots.
Create and validate data insights to enhance detection excellence.
Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.
Find bad stuff on the internet, see if you can figure out how it is done, document it.
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.
Contribute high impact work that substantially benefits team level metrics and OKRs.
Develop techniques, tools and scripts to simplify yours and others work.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security frameworks such as SALSA. This position reports directly to an R&D VP.

Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

The Research team at our company takes on the immense challenge of identifying and stopping malicious activity across vast streams of traffic. By crafting innovative solutions, we empower our products to make trillions of decisions every day with unparalleled precision. Our work directly impacts the safety of the internet and ensures that our company remains the best-in-class solution for our customers, standing strong against the ever-evolving tactics of attackers.
Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet our company.
What you'll do:
Play a lot with the web-browsers, trying to find differences in behavior between them.
Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.
Understand customer specific requirements, deliver with impact and exceed customer expectations.
Discover adversary tactics, techniques, and procedures leveraged by bots.
Create and validate data insights to enhance detection excellence.
Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.
Find bad stuff on the internet, see if you can figure out how it is done, document it.
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.
Contribute high impact work that substantially benefits team level metrics and OKRs.
Develop techniques, tools and scripts to simplify yours and others work.