Uptycs builds best-in-class cloud security products that leverage lightweight tools, built on open source software, to collect everything that can help detect, understand, and mitigate a wide variety of security problems. We run on laptops and cloud workloads, monitor Kubernetes and serverless containers, analyze AWS/GCP/Azure configuration and CloudTrail events, emulate threat actor behavior in cloud, containers, network, Windows, and Linux environments - you name it! We feed it into a cloud-based security analytics platform that provides comprehensive visibility, threat detection, posture management, remediation, vulnerability management and compliance tracking. We analyze petabytes of data, process millions of events per second, and run a control plane that enables continuous scanning for vulnerabilities, misconfigurations, and APT malware on all major cloud providers and hundreds of thousands of macOS, Linux, and Windows endpoints.

Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout (and many more we have an NDA with!) to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.

We’re looking for a talented Cloud Security Threat Researcher who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, be passionate about cloud security threats, be energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast-growing engineering organization, you’ll be working alongside technical product managers and security engineers who have a passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on AWS, Azure and GCP.

What You Will Do

  • Research and analyze threats related to Cloud Service Providers like AWS, GCP, Azure, Oracle, M365, etc.
  • Identify and document new and existing threats to the cloud.
  • Contribute to the company blog about threats facing customers of the cloud.
  • Work within the Cloud Security Research team to develop new tools and techniques to exploit cloud environments.
  • Assist product teams with developing new detections for threats in the Cloud or enhance existing detections.
  • Help customers understand the threat landscape and provide guidance on risk mitigation.
  • Work closely with engineers to prioritize and refine your deliverables.
  • Implement, map and correlate various compliance frameworks with cloud misconfigurations and data security risks.

What You Should Bring

  • 2+ years of information security research, incident response, penetration testing, cloud security engineering, or similar experience.
  • Strong understanding of security in public cloud providers like AWS, GCP, or Azure, ideally at least 2 of the three.
  • Pentesting or Red Team experience with Active Directory, AWS, GCP, and/or Azure.
  • Scripting and cloud automation experience is a plus.
  • Background in bug bounty hunting and/or web application testing is a plus.
  • Ability to produce reports or documents related to threats in a concise format.
  • Knowledge of exploitation tools or frameworks used in the cloud.
  • Knowledge of relevant compliance frameworks in the cloud and how they map to threat detection.
  • You can demonstrate that you are innovative, a self-starter, a continuous learner, and a problem solver.
  • Relevant certifications such as OSCP, GPEN, Azure Security Engineer Associate, AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer, etc. are a plus.

Uptycs is an Equal Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sexual orientation, gender identity, national origin, veteran or disability status. Uptycs is a progressive and open-minded workplace where we do not tolerate discrimination or harassment in any form. If you are smart, passionate and good at what you do, come as you are.

Is a Remote Job?
Remote
Employment Type
Full time

Uptycs, the first unified CNAPP and XDR solution, reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across...
