Security Engineering Researcher

We're hiring a Software Engineer and Security Researcher to help build our top-tier cybersecurity product. This is a hybrid role by design: a strong software engineer who also brings a deep cybersecurity background. Strong engineering velocity is how features get

shipped; serious security expertise is how those features get shipped right. You should have an understanding of how attackers and defenders actually operate. The product space is CSPM/CNAPP-related, but extends beyond it. Expect to work across cloud posture, identity, attack paths, prioritization, detection, and adjacent areas as the product evolves. The pace is high. AI is part of how we work, every day.
 

Responsibilities

• Design, build, and ship product features end-to-end: from security research to architecture and production code to release.
• Apply cybersecurity expertise to every feature decision: what to detect, how to model risk, what makes a finding actionable, where customers will be misled by noise, and how to translate raw cloud signal into something a security team can trust and act on.
• Own cloud security capabilities across CSPM and beyond: posture, identity, attack paths, severity/prioritization, detections, and emerging areas of the platform.
• Drive AI into the development loop. Use coding agents and LLM tools as a core part of how you design, prototype, build, debug, review, and document. Write strong prompts, evaluate outputs critically, and turn AI-generated work into production-quality code and logic.
• Move fast, with judgment. Make tradeoffs explicit, ship iteratively, and learn from real customer signals.
• Collaborate closely with product, research, and engineering peers: clear written specs, sharp communication, clean handoffs, customer-facing rationale.
   

Requirements

• 5+ years as a software engineer. You design systems, write production code, reason about reliability and edge cases, and own delivery end-to-end.
• Strong cybersecurity foundation. You understand threats, controls, identity, cloud risk, and why a “finding” is or isn’t worth a customer’s attention. This is what makes your feature decisions land.
• Hands-on experience developing with AI / AI-driven development. This is a MUST. You have meaningfully shipped work where coding agents, LLM tools, or in-IDE AI assistants were a core part of how you built it. You can speak in detail about what worked, what didn’t, and how you got real leverage out of these tools.
• Experience with at least one major cloud platform (AWS preferred; Azure or GCP also valid).
• Comfortable operating at high pace: small batches, fast iteration, willingness to cut scope to ship, calm under pressure.
• Strong communication: you can explain engineering and security tradeoffs to both technical and non-technical stakeholders.

Nice to Have

• Experience building CSPM/CNAPP products, cloud security detection/analytics pipelines, or other top-tier security products.
• Experience building or fine-tuning AI-powered developer workflows: custom agents, pipelines, evals, internal AI tooling, prompt frameworks.
• Familiarity with cloud telemetry/log sources and correlating security signals across configuration, identity, and activity.
• Infrastructure-as-Code (e.g., Terraform) and cloud-native development experience.
• Prior security research background: vulnerability research, threat research, or detection engineering.