דרושים » אבטחת מידע וסייבר » Senior Security Researcher - Risk

We are seeking a Senior Security Researcher - AI Security to join our highly technical product research team working at the core of our cloud security platform. This is a rare opportunity to define a new discipline. AI security is an emerging field with few established playbooks, and you will help write them. In this role, you will own the research direction for AI security across Tenable's platform, uncovering novel risks in AI-native systems and translating that knowledge into product capabilities and industry-leading research. You'll be surrounded by experienced researchers and engineers who live and breathe security, with the space and backing to do original work in a domain that is rapidly evolving.
We're looking for an exceptional security researcher who can navigate ambiguity, think like an attacker, and bring clarity to a space that lacks it. You're curious, technically deep, and energized by the challenge of defining risk in systems that are still being understood.

Your Role:

Be at the forefront of an emerging discipline. Conduct technical analysis of AI frameworks, services, and architectures to discover novel risks, vulnerabilities, and attack vectors before they become industry-wide problems .
Define AI security risk by analyzing how exposure is created and exploited in AI systems. Collaborate with engineering and product teams to translate AI research into product findings.
Evaluate the risk of pre-trained models, vector databases, and orchestration frameworks (e.g., LangChain, LlamaIndex) to define how shadow AI creates organizational exposure.
Author blogs, whitepapers, and technical advisories that set the industry narrative. Present original research at leading conferences and serve as Tenable's external voice on AI risk topics.
Analyze AI systems from an attacker's perspective to define trust boundaries, map attack techniques, and identify exploitable paths. Translate findings into product features and outbound research.
Investigate and analyze AI infrastructures and services to find 0-day vulnerabilities, security holes, weaknesses, and design flaws.

We are seeking a Senior Security Researcher - Cloud Threats to join our highly technical product research team working at the core of our cloud security platform.

This is a rare opportunity to join an elite cloud security research team and do work that directly shapes our product. In this role, you will own the research direction for our Cloud Detection and Response (CDR) capabilities, designing detection strategies across agentless and agent-based telemetry, expanding coverage across cloud attack surfaces, and developing prioritization mechanisms that help customers focus on what matters.

You will perform novel security research to uncover attacker behavior, develop detection methodologies, and apply detection-as-code principles to build production-grade detections. Beyond product work, you'll contribute to our external thought leadership, writing and speaking about cloud threats, adversary tradecraft, and detection methodologies.

We're looking for an exceptional, adversary-focused security researcher who can bridge threat intelligence, cloud security knowledge, and detection engineering. You're curious, comfortable with ambiguity, and driven to understand how attackers operate in cloud environments.

Your Role:
Own the research direction for Cloud Detection and Response (CDR), driving the vision for how we detect and respond to cloud threats.
Design detection strategies across agentless and agent-based telemetry sources, focusing on quality and detecting what matters.
Perform novel security research to uncover attacker tradecraft, techniques, and behaviors in cloud environments, informing both product direction and external research.
Apply detection-as-code principles to build production-grade detections that ship directly in the Tenable Cloud Security platform.
Stay current with emerging cloud threats and translate threat intelligence into actionable detection logic and product capabilities.
Write and speak about cloud threats, adversary tradecraft, and detection methodologies to strengthen our voice in cloud security.

We are seeking a Senior Security Researcher - Cloud Threats to join our highly technical product research team working at the core of our cloud security platform.

This is a rare opportunity to join an elite cloud security research team and do work that directly shapes our product. In this role, you will own the research direction for our Cloud Detection and Response (CDR) capabilities, designing detection strategies across agentless and agent-based telemetry, expanding coverage across cloud attack surfaces, and developing prioritization mechanisms that help customers focus on what matters.

You will perform novel security research to uncover attacker behavior, develop detection methodologies, and apply detection-as-code principles to build production-grade detections. Beyond product work, you'll contribute to Tenable's external thought leadership, writing and speaking about cloud threats, adversary tradecraft, and detection methodologies.

We're looking for an exceptional, adversary-focused security researcher who can bridge threat intelligence, cloud security knowledge, and detection engineering. You're curious, comfortable with ambiguity, and driven to understand how attackers operate in cloud environments.

Your Role:

Own the research direction for Cloud Detection and Response (CDR), driving the vision for how we detect and respond to cloud threats.
Design detection strategies across agentless and agent-based telemetry sources, focusing on quality and detecting what matters.
Perform novel security research to uncover attacker tradecraft, techniques, and behaviors in cloud environments, informing both product direction and external research.
Apply detection-as-code principles to build production-grade detections that ship directly in the Tenable Cloud Security platform.
Stay current with emerging cloud threats and translate threat intelligence into actionable detection logic and product capabilities.
Write and speak about cloud threats, adversary tradecraft, and detection methodologies to strengthen Tenable's voice in cloud security.

Were looking for Principal Cloud Security Researcher with a strong security background to join our innovative Research team.
The Role
We're looking for a Principal Cloud Security Researcher to serve as a senior technical leader within our Research team. This is a high-impact individual contributor role -- you won't manage people, but you'll shape the direction of our entire research function, mentor researchers, and act as a force multiplier across the organization.
You'll be the person who takes a vague threat signal and turns it into a detection strategy, a published finding, or a product capability. You'll operate as a trusted deputy to the research team lead, owning the most complex and ambiguous research challenges while raising the technical bar for the team.
What You'll Do
Drive Groundbreaking Research
Own and drive our most critical research initiatives end-to-end - from initial threat hypothesis through detection logic, product integration, and external publication.
Set the technical direction for cloud threat research across AWS, Azure, and GCP, identifying emerging attack surfaces and novel techniques before they become mainstream threats.
Investigate real-world cloud and SaaS security incidents, dissecting attacker tradecraft and extracting insights that evolve our detection capabilities.
Pioneer new forensic investigation techniques and detection methodologies for cloud-native and SaaS environments - pushing the state of the art, not just following it.
Be a Voice in the Community
Represent our company as a thought leader through high-quality research publications, conference presentations (BlackHat, DEF CON, RSA, fwd:cloudsec, and similar venues), and open-source contributions.
Build and maintain our reputation as a research-driven company that advances the field - not just a vendor with a blog.
Engage with the broader security research community, fostering relationships and collaborative knowledge-sharing.
Shape the Product
Bridge research and product - translate threat findings into actionable product requirements, working closely with engineering and product teams to ensure our CDR platform stays ahead of evolving threats.
Design and develop advanced detection algorithms that directly feed into our platform, closing the gap between research insight and customer protection.
Elevate the Team
Act as the team's go-to technical authority. When researchers hit a wall on complex cloud attack chains, IAM edge cases, or detection gaps - you're who they turn to.
Mentor and grow other researchers through research reviews, pair investigations, code reviews, and by setting quality standards and methodology best practices.
Influence technical decisions org-wide - contributing to architecture, tooling, and strategic research priorities.
Step in as the research team lead's deputy when needed - driving prioritization, representing research cross-functionally, and ensuring continuity.

Required Head of Research
About the role:
As the Head of Research, you will lead our threat-research, security-innovation, and vulnerability-discovery efforts. You will define the strategy for how we uncover threats, identify novel attack vectors, influence product direction, and contribute thought leadership to the cybersecurity community. You will manage and grow a team of world-class researchers, work closely with product, engineering and go-to-market teams, and ensure our research remains cutting-edge, rigorous and impactful. This role emphasizes strong people leadership and cross-functional execution, alongside technical depth and hands-on research judgment.
What youll do:
Develop, own and evolve the research strategy by defining high value focus areas (for example misconfigurations, identity threats, workload vulnerabilities, and emerging attack techniques), and ensure alignment with our product roadmap and business objectives.
Lead, coach, and mentor a multidisciplinary research team (researchers, threat analysts, and engineers).
Build a healthy, high-performing org, including hiring, onboarding, and performance management.
Partner closely with product and engineering leadership to turn research insights into concrete roadmap items, detection logic, and customer value.
Drive discovery of new vulnerabilities, attack techniques, or adversary behaviors across cloud and modern infrastructure environments (for example containers, serverless, data stores, IAM).
Define metrics for research impact (for example vulnerabilities discovered, time to validate and operationalize new findings, research-driven product improvements, external reach).
Establish and maintain external partnerships (industry peers, academic groups, independent researchers) to expand our capabilities and pipeline.
Publish and present research findings (blog posts, white papers, conference talks).
Lead vulnerability disclosure and responsible communications.
Ensure the research function has the right infrastructure and processes (tooling, sandboxes, repeatable experimentation, documentation standards).
Stay current with the threat landscape, emerging technologies, attacker tradecraft, and relevant compliance or regulatory shifts.

We're looking for a Threat Detection Researcher to join the Threat Research team and spread the power. In this role, you will further develop the Cloud-native Threat Detection domain.
WHAT YOULL DO
Design behavioral baselines for complex cloud environments using diverse signals, and develop high-fidelity detections based on those baselines.
Expand our detection engine with novel and high-impact telemetry sources, pushing the boundaries of what can be detected in modern cloud environments.
Conduct deep technical research into complex cloud services to uncover novel attack vectors.
Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
Hunt and analyze emerging threats and active campaigns targeting cloud ecosystems.

As the Code & AI Security Research Manager, you will lead an elite team in redefining trust for an era of agentic automation and hyper-connected supply chains. You will serve as a technical lighthouse and strategic leader, managing a high-performance team to secure the core of modern engineering. Your mission is to bridge deep technical research with product innovation, ensuring our customers' security posture evolves faster than the way they build software.
Key Responsibilities
Lead, mentor, and empower a team of world-class security researchers to pioneer AI-native security strategies.
Define the vision for identifying and mitigating novel attack vectors targeting coding agents and autonomous development workflows.
Oversee the evolution of traditional code vulnerabilities into proactive, self-healing workflows that fix issues before they reach a pull request.
Drive deep-dive research into software supply chain vulnerabilities, including CI/CD pipeline risks and third-party package security.
Proactively collaborate with Product and Engineering leaders to integrate research findings into core platform detection and remediation logic.
Establish the team as a global thought leader by overseeing original research publications, influential blog posts, and conference presentations.

Were looking for a Senior Security Researcher to drive high-impact research across cloud, runtime, and application environments, and translate it into product-grade detections. This is a hands-on role for someone who can lead investigations end-to-end: from understanding attacker tradecraft and vulnerabilities, through building reliable detection logic, to influencing product direction.
On a typical day youll:
Lead deep-dive research into real-world attacks, vulnerabilities, and emerging cloud and runtime techniques
Own complex investigations (DFIR, threat hunting, root-cause analysis) and convert learnings into durable detections
Design and implement advanced detection logic and analytics across cloud assets, containers, Kubernetes, and Linux runtime telemetry
Build prototypes and production-ready components that improve detection accuracy, fidelity, and coverage
Partner closely with engineering and product to shape roadmap priorities and guide implementation details
Develop research methodologies, testing frameworks, and validation processes for new detections
Mentor and level up other researchers and engineers through reviews, knowledge sharing, and technical guidance
Represent the team externally through publications, technical blogs, and conference talks.

: Were looking for a hands-on AI Cyber Intelligence Engineer - in the domain of attack surface. Someone who lives and breathes cyber security, loves exploring how attackers move through real environments, and is excited to shape how AI can automate and extend that process.
In this role, youll analyze real-world environments, identify potential attack vectors, and work closely with our AI engineering teams to translate your domain expertise into actionable, intelligent workflows. Youll play a key role in guiding how our platform learns to think and act like a top-tier security analyst.
The Dream-Maker Responsibilities
Design and shape AI-driven security agents by encoding expert attacker and defender reasoning into agentic flows, prompts, decision logic, and investigative strategies.
Translate offensive security and red-team expertise into structured knowledge that enables AI systems to identify, prioritize, and reason about real-world attack paths in complex enterprise environments.
Model attacker behavior and multi-step attack scenarios, focusing on lateral movement, privilege escalation, and cross-domain exploitation - and guide how AI agents simulate and evaluate these scenarios.
Act as a domain expert partner for product and engineering teams, ensuring AI-driven security decisions remain grounded in real attacker tradecraft and operational reality.

We are looking for a Security Researcher who thrives on both sides of the fence. You will develop offensive tradecraft-discovering new attack vectors and writing exploits-then use that perspective to engineer robust, product-level mitigations. If youre energized by finding a novel browser attack on Monday and shipping the defense for it by Friday, this role is for you.
Key Responsibilities
Offensive Research: Discover new attack vectors, abuse patterns, and security gaps in browsers, web applications, OS internals, and enterprise workflows.
Defensive Engineering: Design and implement detections, mitigations, and security policies informed by your offensive findings; close the loop from attack to protection.
Vulnerability & Malware Analysis: Perform reverse engineering on malware, exploits, and obfuscated code across Windows, macOS, and browser environments.
Web & Browser Security: Research techniques ranging from classic vulnerabilities (XSS, SSRF) to browser-specific primitives (extension abuse, DOM manipulation, same-origin bypasses).
Supply-Chain Security: Investigate threats in software supply chains, including browser extension marketplaces and package registries.
Threat Intelligence: Correlate signals across multiple sources to identify malicious infrastructure and adversary TTPs.
Public Impact: Write technical blog posts, publish research, and represent Island at major security conferences (Black Hat, DEF CON, etc.).