דרושים » תוכנה » Staff Vulnerability Researcher - Office of the CTO

we are seeking a highly motivated and talented XDR Research Engineer to join our XDR Research team. In this role, you will develop advanced detection logic to identify and analyze security threats across the company XDR platform. Leveraging the rich data available in the company Cloud data lake, you will conduct extensive research and threat-hunting activities to broaden our detection capabilities and proactively uncover previously unknown threats.
Your work will directly influence the evolution of our companys XDR capabilities and strengthen the security posture of thousands of global customers.
This is an exceptional opportunity for security professionals passionate about Network Security, Detection Engineering, Malware Analysis, and Threat Hunting who want to make a meaningful impact on a fast-growing cybersecurity environment.
Responsibilities
Develop advanced detection logic for the XDR platform to identify security threats.
Conduct research using our company Cloud data, competitive intelligence, and newly published threat reports to expand detection coverage.
Create hunting heuristics and methodologies to uncover unknown or emerging threats.
Continuously improve detection accuracy and enhance the platforms ability to identify threats in a dynamic security landscape.
Participate in cybersecurity breach investigations and security incident activities.
Contribute to technical blogs and PR materials, and participate in cybersecurity conferences.

Were looking for a Senior Security Researcher to drive high-impact research across cloud, runtime, and application environments, and translate it into product-grade detections. This is a hands-on role for someone who can lead investigations end-to-end: from understanding attacker tradecraft and vulnerabilities, through building reliable detection logic, to influencing product direction.
On a typical day youll:
Lead deep-dive research into real-world attacks, vulnerabilities, and emerging cloud and runtime techniques
Own complex investigations (DFIR, threat hunting, root-cause analysis) and convert learnings into durable detections
Design and implement advanced detection logic and analytics across cloud assets, containers, Kubernetes, and Linux runtime telemetry
Build prototypes and production-ready components that improve detection accuracy, fidelity, and coverage
Partner closely with engineering and product to shape roadmap priorities and guide implementation details
Develop research methodologies, testing frameworks, and validation processes for new detections
Mentor and level up other researchers and engineers through reviews, knowledge sharing, and technical guidance
Represent the team externally through publications, technical blogs, and conference talks.

Were looking for Principal Cloud Security Researcher with a strong security background to join our innovative Research team.
The Role
We're looking for a Principal Cloud Security Researcher to serve as a senior technical leader within our Research team. This is a high-impact individual contributor role -- you won't manage people, but you'll shape the direction of our entire research function, mentor researchers, and act as a force multiplier across the organization.
You'll be the person who takes a vague threat signal and turns it into a detection strategy, a published finding, or a product capability. You'll operate as a trusted deputy to the research team lead, owning the most complex and ambiguous research challenges while raising the technical bar for the team.
What You'll Do
Drive Groundbreaking Research
Own and drive our most critical research initiatives end-to-end - from initial threat hypothesis through detection logic, product integration, and external publication.
Set the technical direction for cloud threat research across AWS, Azure, and GCP, identifying emerging attack surfaces and novel techniques before they become mainstream threats.
Investigate real-world cloud and SaaS security incidents, dissecting attacker tradecraft and extracting insights that evolve our detection capabilities.
Pioneer new forensic investigation techniques and detection methodologies for cloud-native and SaaS environments - pushing the state of the art, not just following it.
Be a Voice in the Community
Represent our company as a thought leader through high-quality research publications, conference presentations (BlackHat, DEF CON, RSA, fwd:cloudsec, and similar venues), and open-source contributions.
Build and maintain our reputation as a research-driven company that advances the field - not just a vendor with a blog.
Engage with the broader security research community, fostering relationships and collaborative knowledge-sharing.
Shape the Product
Bridge research and product - translate threat findings into actionable product requirements, working closely with engineering and product teams to ensure our CDR platform stays ahead of evolving threats.
Design and develop advanced detection algorithms that directly feed into our platform, closing the gap between research insight and customer protection.
Elevate the Team
Act as the team's go-to technical authority. When researchers hit a wall on complex cloud attack chains, IAM edge cases, or detection gaps - you're who they turn to.
Mentor and grow other researchers through research reviews, pair investigations, code reviews, and by setting quality standards and methodology best practices.
Influence technical decisions org-wide - contributing to architecture, tooling, and strategic research priorities.
Step in as the research team lead's deputy when needed - driving prioritization, representing research cross-functionally, and ensuring continuity.

We are looking for a Security Researcher who thrives on both sides of the fence. You will develop offensive tradecraft-discovering new attack vectors and writing exploits-then use that perspective to engineer robust, product-level mitigations. If youre energized by finding a novel browser attack on Monday and shipping the defense for it by Friday, this role is for you.
Key Responsibilities
Offensive Research: Discover new attack vectors, abuse patterns, and security gaps in browsers, web applications, OS internals, and enterprise workflows.
Defensive Engineering: Design and implement detections, mitigations, and security policies informed by your offensive findings; close the loop from attack to protection.
Vulnerability & Malware Analysis: Perform reverse engineering on malware, exploits, and obfuscated code across Windows, macOS, and browser environments.
Web & Browser Security: Research techniques ranging from classic vulnerabilities (XSS, SSRF) to browser-specific primitives (extension abuse, DOM manipulation, same-origin bypasses).
Supply-Chain Security: Investigate threats in software supply chains, including browser extension marketplaces and package registries.
Threat Intelligence: Correlate signals across multiple sources to identify malicious infrastructure and adversary TTPs.
Public Impact: Write technical blog posts, publish research, and represent Island at major security conferences (Black Hat, DEF CON, etc.).

Designs, develops, troubleshoots and debugs software programs for enhancements and new products. Develops software and tools in support of designs. Analyzes, designs, programs, debugs, and modifies software enhancements and/or new products used in local, networked, cloud-based or Internet-related computer programs. Using current programming language and technologies, writes code, completes development, and performs testing and debugging of applications.

Your Opportunity:
Expertly implements designs using modern programming practices.
Obsessed with quality.
Eager to learn.
Should lead/drive software development initiatives.
Participates in/leads design.
May perform other duties and responsibilities that management may deem necessary from time to time.

We are seeking a Senior Security Researcher - AI Security to join our highly technical product research team working at the core of our cloud security platform. This is a rare opportunity to define a new discipline. AI security is an emerging field with few established playbooks, and you will help write them. In this role, you will own the research direction for AI security across Tenable's platform, uncovering novel risks in AI-native systems and translating that knowledge into product capabilities and industry-leading research. You'll be surrounded by experienced researchers and engineers who live and breathe security, with the space and backing to do original work in a domain that is rapidly evolving.
We're looking for an exceptional security researcher who can navigate ambiguity, think like an attacker, and bring clarity to a space that lacks it. You're curious, technically deep, and energized by the challenge of defining risk in systems that are still being understood.

Your Role:

Be at the forefront of an emerging discipline. Conduct technical analysis of AI frameworks, services, and architectures to discover novel risks, vulnerabilities, and attack vectors before they become industry-wide problems .
Define AI security risk by analyzing how exposure is created and exploited in AI systems. Collaborate with engineering and product teams to translate AI research into product findings.
Evaluate the risk of pre-trained models, vector databases, and orchestration frameworks (e.g., LangChain, LlamaIndex) to define how shadow AI creates organizational exposure.
Author blogs, whitepapers, and technical advisories that set the industry narrative. Present original research at leading conferences and serve as Tenable's external voice on AI risk topics.
Analyze AI systems from an attacker's perspective to define trust boundaries, map attack techniques, and identify exploitable paths. Translate findings into product features and outbound research.
Investigate and analyze AI infrastructures and services to find 0-day vulnerabilities, security holes, weaknesses, and design flaws.

We are looking for talented, fast learners to work on vulnerability research and exploitation in embedded and IoT environments. This role is ideal for researchers with strong low-level backgrounds who want to deepen their expertise in IoT and embedded systems security while working on real-world, complex technologies

You will analyze proprietary software and hardware, apply a deep understanding of low-level systems, and take your research from initial discovery to a full end-to-end solution in production.





Requirements
5+ years of experience as a security researcher or industry-equivalent experience.
Understanding of memory corruption (Stack/Heap, UAF) and logical vulnerabilities (Injection, Logic/Design flaws, TOCTOU).
Understanding of common security mitigations such as ASLR, DEP, and CFI.
Expertise in OS internals, file systems, network protocols and cryptography concepts.
Hands-on experience with reverse engineering and debugging tools such as IDA Pro or Ghidra, and GDB.
Proficient in Assembly, C, and Python.

we are looking for a high-energy, talented people to join the company Security team. As a Security Engineer, you will take part in product content development and build logics and signatures to mitigate emerging security threats. Your work outcome will feed our company Cloud security products such as the IPS and Suspicious Activity Monitoring with the latest protections. You will analyze protocols and investigate various attacks utilizing network analysis tools and modern data analysis frameworks. Joining our company is an excellent opportunity for network security enthusiasts who are passionate about the future of Networking and Security.
Responsibilities:
Research and analyze new threats and develop product content such as IPS signatures and logic to provide the best protection for our companys customers.
Enhance product accuracy and its ability to detect new threats in the dynamically-changed security landscape.
Monitor your work using different monitoring tools and methods over the cloud.
Utilize our company Data Warehouse with big-data technologies to support your work.

As the Code & AI Security Research Manager, you will lead an elite team in redefining trust for an era of agentic automation and hyper-connected supply chains. You will serve as a technical lighthouse and strategic leader, managing a high-performance team to secure the core of modern engineering. Your mission is to bridge deep technical research with product innovation, ensuring our customers' security posture evolves faster than the way they build software.
Key Responsibilities
Lead, mentor, and empower a team of world-class security researchers to pioneer AI-native security strategies.
Define the vision for identifying and mitigating novel attack vectors targeting coding agents and autonomous development workflows.
Oversee the evolution of traditional code vulnerabilities into proactive, self-healing workflows that fix issues before they reach a pull request.
Drive deep-dive research into software supply chain vulnerabilities, including CI/CD pipeline risks and third-party package security.
Proactively collaborate with Product and Engineering leaders to integrate research findings into core platform detection and remediation logic.
Establish the team as a global thought leader by overseeing original research publications, influential blog posts, and conference presentations.