Cloud Security Researcher, Lacework Labs

At Lacework, we strive to provide a supportive, collaborative environment where people are empowered to do the best work of their careers.

Our team members enjoy solving complex problems, big sky thinking, and obsess over getting the details right—all while building bonds of teamwork and friendships that last a lifetime. We love what we do and are proud of our work to secure clouds and container environments for thousands of users worldwide.

The Lacework Labs team is growing and we need YOU! Our mission is to shed light on attacks that pose a risk to those operating in the public cloud and then integrate our knowledge into the Lacework platform.

The team is looking for a seasoned security engineer with experience discovering threats and automating solutions to operationalize this knowledge. You will have the opportunity to discover, analyze, and bring insight into all aspects of modern cloud threats to help defenders and customers run with speed and safety. You will play a critical role in evangelizing security research with the broader community and driving product efficacy. 

This is a great opportunity for someone who is extremely focused, excited, and technically adept to make a huge impact. 

To be successful you will:

• Research and discover threats to Cloud Service Provider control planes (AWS, GCP, Azure), Linux workloads, containers, and Kubernetes
• Evangelize research through blogging, public speaking, webinars, and research papers
• Assess product detection efficacy using MITRE ATT&CK matrices and other standardized methods
• Discover new attack techniques and develop detection methods for them
• Help customers understand the threat landscape and provide guidance on risk mitigation
• Develop threat intelligence related to cloud threats
• Develop open source projects for the benefit of the security community
• Collaborate across Lacework  to develop new detection models – working hand-in-hand with members of the data science and engineering teams

Minimum Qualifications: 

• 5+ years of information security research, incident response, penetration testing, or similar experience
• Public speaking and blogging experience
• Experience with AWS, GCP, or Azure
• Pentesting AWS, GCP, or Azure
• Experience with container and Kubernetes security practices
• Python, Go, Java and/or shell scripting experience
• SQL and large-scale data analysis
• Threat intelligence management experience
• Malware analysis experience (ELF experience is a plus)
• Security knowledge of operating systems, file systems, and memory on Windows, MacOS, or Linux.

Lacework is an Equal Opportunity Employer. It is the policy of Lacework to provide equal employment opportunity to all persons, regardless of age, race, religion, color, national origin, sex, political affiliations, marital status, non-disqualifying physical or mental disability, age, sexual orientation, membership, or non-membership in an employee organization, or on the basis of personal favoritism or other non-merit factors, except where otherwise provided by law