דרושים » אבטחת מידע וסייבר » Security Researcher

We are looking for a Security Researcher who thrives on both sides of the fence. You will develop offensive tradecraft-discovering new attack vectors and writing exploits-then use that perspective to engineer robust, product-level mitigations. If youre energized by finding a novel browser attack on Monday and shipping the defense for it by Friday, this role is for you.
Key Responsibilities
Offensive Research: Discover new attack vectors, abuse patterns, and security gaps in browsers, web applications, OS internals, and enterprise workflows.
Defensive Engineering: Design and implement detections, mitigations, and security policies informed by your offensive findings; close the loop from attack to protection.
Vulnerability & Malware Analysis: Perform reverse engineering on malware, exploits, and obfuscated code across Windows, macOS, and browser environments.
Web & Browser Security: Research techniques ranging from classic vulnerabilities (XSS, SSRF) to browser-specific primitives (extension abuse, DOM manipulation, same-origin bypasses).
Supply-Chain Security: Investigate threats in software supply chains, including browser extension marketplaces and package registries.
Threat Intelligence: Correlate signals across multiple sources to identify malicious infrastructure and adversary TTPs.
Public Impact: Write technical blog posts, publish research, and represent Island at major security conferences (Black Hat, DEF CON, etc.).

We are seeking a Senior Security Researcher - AI Security to join our highly technical product research team working at the core of our cloud security platform. This is a rare opportunity to define a new discipline. AI security is an emerging field with few established playbooks, and you will help write them. In this role, you will own the research direction for AI security across Tenable's platform, uncovering novel risks in AI-native systems and translating that knowledge into product capabilities and industry-leading research. You'll be surrounded by experienced researchers and engineers who live and breathe security, with the space and backing to do original work in a domain that is rapidly evolving.
We're looking for an exceptional security researcher who can navigate ambiguity, think like an attacker, and bring clarity to a space that lacks it. You're curious, technically deep, and energized by the challenge of defining risk in systems that are still being understood.

Your Role:

Be at the forefront of an emerging discipline. Conduct technical analysis of AI frameworks, services, and architectures to discover novel risks, vulnerabilities, and attack vectors before they become industry-wide problems .
Define AI security risk by analyzing how exposure is created and exploited in AI systems. Collaborate with engineering and product teams to translate AI research into product findings.
Evaluate the risk of pre-trained models, vector databases, and orchestration frameworks (e.g., LangChain, LlamaIndex) to define how shadow AI creates organizational exposure.
Author blogs, whitepapers, and technical advisories that set the industry narrative. Present original research at leading conferences and serve as Tenable's external voice on AI risk topics.
Analyze AI systems from an attacker's perspective to define trust boundaries, map attack techniques, and identify exploitable paths. Translate findings into product features and outbound research.
Investigate and analyze AI infrastructures and services to find 0-day vulnerabilities, security holes, weaknesses, and design flaws.

The Staff Vulnerability Researcher will be involved with researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products. This role will involve some interfacing with stakeholders outside the Research team.

Your Opportunity:
Works on complex research and development initiatives.
Implements advanced detection logic while minimizing false positives & false negatives.
Participates in detection logic discussions and the research of new methods for detection.
Interfaces with stakeholders on externalizing the outcomes of some of the research.
Helps / trains other researchers, when needed.
Keep abreast with the advancements and developments in the security industry and perform original research to keep our customers secure.
Develop detection scripts for our sensors (Nessus vulnerability scanner and others) based on the research findings.
Research and develop methods of detection for additional services and products from different vendors.
May perform other duties and responsibilities that management may deem necessary from time to time.

We are looking for a versatile and innovative Attack-oriented Cyber Researcher to join our R&D team and become part of the revolution. You will conduct state-of-the-art research across multiple environments, ranging from Windows internals and kernel-level security to cloud platforms like AWS, Azure, Web technologies, etc' to stay one step ahead of real threat actors.

Your findings, your code and attack tools will feed directly into our automated attack platform, enhancing its capabilities with new offensive techniques and AI-powered decision-making algorithms.



Roles and Responsibilities:

Perform in-depth research in multiple areas such from AV/EDR evasion, binary exploitation, vulnerability discovery, and subversion of communication channels across both OS-level, domains, cloud-native domains, external surfaces.
Integrate research outputs into production-grade attack functionalities within our automation ecosystem.
Architect and develop AI-driven decision-making modules that enable the platform to mimic experienced attackers, making real-time choices during automated operations.
Develop production-ready attack capabilities using whatever technologies are necessary, Python, C/C++, C#, Java, Office Macros, Bash, PowerShell, Go, Ruby, Assembly, etc.
Mentor and collaborate with fellow R&D team members, fostering a culture of innovation and continuous learning.

We're looking for an Application Security Researcher to join us. In this critical role, you will assist us in validating our services and environments according to the highest security standards. Also, You will work closely with our R&D and Product teams, and solve complex security problems.
Responsibilities:
Continuously checking and improving security measures to protect our systems.
Reviewing system architecture, design, and code to find and fix security weaknesses before they become a problem.
Helping developers follow secure coding practices and learn how to prevent security risks.
Staying updated on new security threats and best practices to keep our security standards high.
Contributing to our companys security research blog.

Were looking for Principal Cloud Security Researcher with a strong security background to join our innovative Research team.
The Role
We're looking for a Principal Cloud Security Researcher to serve as a senior technical leader within our Research team. This is a high-impact individual contributor role -- you won't manage people, but you'll shape the direction of our entire research function, mentor researchers, and act as a force multiplier across the organization.
You'll be the person who takes a vague threat signal and turns it into a detection strategy, a published finding, or a product capability. You'll operate as a trusted deputy to the research team lead, owning the most complex and ambiguous research challenges while raising the technical bar for the team.
What You'll Do
Drive Groundbreaking Research
Own and drive our most critical research initiatives end-to-end - from initial threat hypothesis through detection logic, product integration, and external publication.
Set the technical direction for cloud threat research across AWS, Azure, and GCP, identifying emerging attack surfaces and novel techniques before they become mainstream threats.
Investigate real-world cloud and SaaS security incidents, dissecting attacker tradecraft and extracting insights that evolve our detection capabilities.
Pioneer new forensic investigation techniques and detection methodologies for cloud-native and SaaS environments - pushing the state of the art, not just following it.
Be a Voice in the Community
Represent our company as a thought leader through high-quality research publications, conference presentations (BlackHat, DEF CON, RSA, fwd:cloudsec, and similar venues), and open-source contributions.
Build and maintain our reputation as a research-driven company that advances the field - not just a vendor with a blog.
Engage with the broader security research community, fostering relationships and collaborative knowledge-sharing.
Shape the Product
Bridge research and product - translate threat findings into actionable product requirements, working closely with engineering and product teams to ensure our CDR platform stays ahead of evolving threats.
Design and develop advanced detection algorithms that directly feed into our platform, closing the gap between research insight and customer protection.
Elevate the Team
Act as the team's go-to technical authority. When researchers hit a wall on complex cloud attack chains, IAM edge cases, or detection gaps - you're who they turn to.
Mentor and grow other researchers through research reviews, pair investigations, code reviews, and by setting quality standards and methodology best practices.
Influence technical decisions org-wide - contributing to architecture, tooling, and strategic research priorities.
Step in as the research team lead's deputy when needed - driving prioritization, representing research cross-functionally, and ensuring continuity.

We are seeking an experienced Vulnerability Researcher to join our team, where our ethos of customer-centric problem solving, ownership, professionalism, and resourcefulness are at the heart of everything we do. The team faces complex research issues daily, solving new challenges and constantly improving the existing solutions. In this key position, you'll dive deep into complex security puzzles, pushing the boundaries of our vulnerability research and solutions. Collaborating on challenges with our team means working with the leading cloud platforms (AWS, GCP, Azure) and leveraging advanced technologies like Kubernetes, EBPF, Docker, and more.
Responsibilities :
Vulnerability research in the major Cloud providers and cutting-edge technologies.
Collaborate with teams across the organization, including Product, and GTM, to develop and integrate top-tier features.
Conduct deep technical research into cloud-native environments.
Lead offensive investigations in Kubernetes, eBPF, AI/ML‑based anomaly detection, and runtime security, translating findings into production‑grade detections.
Create authoritative content - white‑papers, conference papers, blogs, and release notes that educate users and elevate brand.
Deep dive into threat detection and product content that provide our customers deep insights and added value.

Were looking for a Senior Security Researcher to drive high-impact research across cloud, runtime, and application environments, and translate it into product-grade detections. This is a hands-on role for someone who can lead investigations end-to-end: from understanding attacker tradecraft and vulnerabilities, through building reliable detection logic, to influencing product direction.
On a typical day youll:
Lead deep-dive research into real-world attacks, vulnerabilities, and emerging cloud and runtime techniques
Own complex investigations (DFIR, threat hunting, root-cause analysis) and convert learnings into durable detections
Design and implement advanced detection logic and analytics across cloud assets, containers, Kubernetes, and Linux runtime telemetry
Build prototypes and production-ready components that improve detection accuracy, fidelity, and coverage
Partner closely with engineering and product to shape roadmap priorities and guide implementation details
Develop research methodologies, testing frameworks, and validation processes for new detections
Mentor and level up other researchers and engineers through reviews, knowledge sharing, and technical guidance
Represent the team externally through publications, technical blogs, and conference talks.

In this role, you will be the architect of our "security brain." You will write the low-level code that observes what is happening (eBPF/Golang) and build the AI models that understand, diagnose, and prevent issues (LLMs/Python).
Key Responsibilities
1. The "Eyes": eBPF Development & Systems Engineering
Lead the Cimon Agent: Spearhead the active development of our high-performance eBPF agent "Cimon" using Golang and C.
Kernel-Level Innovation: Design and implement eBPF programs for deep observability, runtime security, and container monitoring.
Performance Obsession: Write beautiful, highly efficient code that runs in the Linux kernel with minimal overhead.
Community Leadership: Actively participate in the eBPF and open-source communities, contributing code and presenting technical deep dives at conferences.
2. The "Brain": AI Innovation & Security Research
AI-Driven Security Solutions: Architect and prototype models for:
Automated Exploitability: Checking SAST/SCA findings for validity.
AI Remediation: Automatically fixing Dockerfile misconfigurations and generating patches.
Model Detection: Identifying AI models embedded within codebases.
Benchmarking & Rigor: Design evaluation frameworks to measure model accuracy, false positives, and robustness in security contexts.
Prompt Engineering: Shape prompt strategies and workflows to translate real-world security challenges into actionable AI logic.
3. The Intersection: Collaboration & Evangelism
Cross-Functional Leadership: Serve as the technical link between the AI development team and the core security engineering team.
Thought Leadership: Author whitepapers, technical blogs, and deliver talks on the cutting edge of "AI for Systems Security."
Mentorship: Guide engineers on best practices for both low-level systems design and AI integration.
Why This Role?
No Context Switching Cost: You won't just be researching; you will be building the tools you research. You control the data collection (eBPF) and the analysis (AI).
Deep Tech Focus: This isn't a wrapper-API role. You will be dealing with kernel bypasses, memory safety, and LLM hallucinations all in the same week.
Impact: Your work will directly power the next generation of automated security remediation.