Cloud Security Threat Researcher
Remote (United States)
Uptycs
Uptycs provides cloud native security with the first unified CNAPP and XDR platform. Reduce risk from threats, vulns and misconfigurations in a single UI. Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout (and many more we have an NDA with!) to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.
We’re looking for a talented Cloud Security Threat Researcher who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, be passionate about cloud security threats, be energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast-growing engineering organization, you’ll be working alongside technical product managers and security engineers who have a passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on AWS, Azure and GCP.
What You Will Do
- Research and analyze threats related to Cloud Service Providers like AWS, GCP, Azure, Oracle, M365, etc.
- Identify and document new and existing threats to the cloud.
- Contribute to the company blog about threats facing customers of the cloud.
- Work within the Cloud Security Research team to develop new tools and techniques to exploit cloud environments.
- Assist product teams with developing new detections for threats in the Cloud or enhance existing detections.
- Help customers understand the threat landscape and provide guidance on risk mitigation.
- Work closely with engineers to prioritize and refine your deliverables.
- Implement, map and correlate various compliance frameworks with cloud misconfigurations and data security risks.
What You Should Bring
- 2+ years of information security research, incident response, penetration testing, cloud security engineering, or similar experience.
- Strong understanding of security in public cloud providers like AWS, GCP, or Azure, ideally at least two of the three.
- Pentesting or Red Team experience with Active Directory, AWS, GCP, and/or Azure.
- Scripting and cloud automation experience is a plus.
- Background in bug bounty hunting and/or web application testing a plus.
- Ability to produce reports or documents related to threats in a concise format.
- Knowledge of exploitation tools or frameworks used in the cloud.
- Knowledge of relevant compliance frameworks in the cloud and how they map to threat detection.
- You can demonstrate that you are innovative, a self-starter, a continuous learner, and a problem solver.
- Relevant certifications such as OSCP, GPEN, Azure Security Engineer Associate, AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer, etc. are a plus.
Tags: Active Directory Agile Analytics APT Automation AWS Azure Cloud Compliance Exploit GCP GPEN Incident response Kubernetes Linux MacOS Malware Offensive security Open Source Oracle OSCP Pentesting R&D Red team Scripting Strategy Threat detection Vulnerabilities Vulnerability management Web application testing Windows
Perks/benefits: Team events