Cloud Security Threat Researcher

Remote (United States)

Applications have closed

Uptycs

Uptycs provides cloud native security with the first unified CNAPP and XDR platform. Reduce risk from threats, vulns and misconfigurations in a single UI.

Uptycs builds best-in-class cloud security products that leverage lightweight tools, built on open source software, to collect everything that can help detect, understand, and mitigate a wide variety of security problems. We run on laptops and cloud workloads, monitor Kubernetes and serverless containers, analyze AWS/GCP/Azure configuration and CloudTrail events, emulate threat actor behavior in cloud, containers, network, Windows, and Linux environments - you name it! We feed it into a cloud-based security analytics platform that provides comprehensive visibility, threat detection, posture management, remediation, vulnerability management and compliance tracking. We analyze petabytes of data, process millions of events per second, and run a control plane that enables continuous scanning for vulnerabilities, misconfigurations, and APT malware on all major cloud providers and hundreds of thousands of macOS, Linux, and Windows endpoints.
Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout (and many more we have an NDA with!) to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.
We’re looking for a talented Cloud Security Threat Researcher who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, be passionate about cloud security threats, be energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast-growing engineering organization, you’ll be working alongside technical product managers and security engineers who have a passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on AWS, Azure and GCP.

What You Will Do

  • Research and analyze threats related to Cloud Service Providers like AWS, GCP, Azure, Oracle, M365, etc.
  • Identify and document new and existing threats to the cloud.
  • Contribute to the company blog about threats facing customers of the cloud.
  • Work within the Cloud Security Research team to develop new tools and techniques to exploit cloud environments.
  • Assist product teams with developing new detections for threats in the Cloud or enhance existing detections.
  • Help customers understand the threat landscape and provide guidance on risk mitigation.
  • Work closely with engineers to prioritize and refine your deliverables.
  • Implement, map and correlate various compliance frameworks with cloud misconfigurations and data security risks.

What You Should Bring

  • 2+ years of information security research, incident response, penetration testing, cloud security engineering, or similar experience.
  • Strong understanding of security in public cloud providers like AWS, GCP, or Azure, ideally on at least two of the three.
  • Pentesting or Red Team experience with Active Directory, AWS, GCP, and/or Azure.
  • Scripting and cloud automation experience is a plus.
  • Background in bug bounty hunting and/or web application testing is a plus.
  • Ability to produce reports or documents related to threats in a concise format.
  • Knowledge of exploitation tools or frameworks used in the cloud.
  • Knowledge of relevant compliance frameworks in the cloud and how they map to threat detection.
  • You can demonstrate that you are innovative, a self-starter, a continuous learner, and a problem solver.
  • Relevant certifications such as OSCP, GPEN, Azure Security Engineer Associate, AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer, etc. are a plus.
Uptycs is an Equal Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sexual orientation, gender identity, national origin, veteran or disability status. Uptycs is a progressive and open-minded workplace where we do not tolerate discrimination or harassment in any form. If you are smart, passionate and good at what you do, come as you are.

Tags: Active Directory Agile Analytics APT Automation AWS Azure Cloud Compliance Exploit GCP GPEN Incident response Kubernetes Linux MacOS Malware Offensive security Open Source Oracle OSCP Pentesting R&D Red team Scripting Strategy Threat detection Vulnerabilities Vulnerability management Web application testing Windows

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States