Were seeking a Security Researcher with deep expertise in low-level Linux internals and eBPF-based detection development.
Your mission: analyze Linux malware and extract behavioral detections that expose attacker activity even in the most ephemeral cloud-native systems.
Team Nautilus, the threat research group, leads cutting-edge investigations into cloud-native threats from exposing stealthy, fileless malware like HeadCrab to building kernel-level defenses for containerized environments. Our work shapes open-source tools, influences cloud provider security, and protects workloads across the Fortune 500.
Core Responsibilities
Research and analyze sophisticated attack techniques targeting Linux-based cloud-native systems (Kubernetes, containers, serverless).
Build low-level behavioral detections using eBPF, focused on malware execution, privilege abuse, persistence, and evasion techniques.
Prototype observability and response capabilities at the kernel layer, contributing directly to tools like Tracee.
Analyze Linux malware and extract behavioral detections to inform threat detection logic and strengthen defensive capabilities.
Collaborate with engineering teams to translate research into production-grade detection pipelines and runtime protections.
Specialized Focus Areas:
Design and develop eBPF-based sensors that trace syscall activity, privilege escalation paths, network tampering, and stealthy behaviors.
Track emerging malware families targeting cloud-native infrastructure and extract TTPs from live samples and honeypot environments.
Contribute original research to the community through technical blogs, CVEs, conference presentations, or open-source code contributions.
Requirements: Requirements:
5+ years in security research, with a strong focus on Linux malware analysis, behavioral detection, and system internals.
Proven experience writing eBPF-based detection logic for runtime monitoring and threat visibility.
Deep knowledge of Linux kernel internals, syscall interfaces, and OS-level attack surfaces.
Proficiency in C (especially for kernel-level or low-level systems programming) and Python (for tooling, analysis, and automation).
Familiarity with cloud-native technologies such as containers, Kubernetes, and serverless workloads.
Strong understanding of adversary tradecraft in Linux environments, including malware persistence and evasion strategies.
Excellent written and verbal communication skills.
A proactive, creative mindset that thrives on discovering and neutralizing novel threats.
Preferred Qualifications (Bonus)
Experience with kernel tracing frameworks (e.g., eBPF, kprobes, tracepoints, LSM hooks).
Familiarity with tools like Ghidra, IDA Pro, Radare2, or dynamic malware analysis sandboxes.
Understanding of MITRE ATT&CK for Containers or Cloud, threat modeling, and detection engineering principles.
Track record of public research contributions (e.g., CVEs, technical write-ups, conference talks, or open-source projects).
Experience analyzing security gaps in cloud services, IAM configurations, or container orchestration systems.
This position is open to all candidates.