Tenable Cloud Security was established through the acquisition of Ermetic, an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of CIEM. This acquisition is a significant step in Tenable’s mission to shift organizations towards proactive security, offering market-leading contextual risk visibility, prioritization, and remediation across both on-premises and cloud infrastructures.

Your Opportunity:

Tenable Cloud Security is seeking a Senior Vulnerability Researcher. In this role, you will research various cloud assets, roles, relations, and configurations to uncover 0-day vulnerabilities in major cloud providers and technologies. You will lead innovation, solve complex problems, and develop strategies for both attacking and defending cloud environments.

Furthermore, you will be in charge of fostering and spreading Tenable Cloud Security’s technical expertise. You will present your novel work at conferences and author papers and blogs. You will also build open-source cloud security tools and solutions.

If you’re a curious, creative, technical person with an attacker’s mindset, strong systemic thinking, and a passion for taking things apart and understanding how they work, we encourage you to apply.

Your Role:

Investigate and analyze the multi-cloud stack to find 0-day vulnerabilities, security holes, weaknesses, and design flaws

Follow emerging security threats, author blogs about novel research, publish content, and speak at conferences

Conduct technical research on cloud platforms to yield new insights, theories, analyses, TTPs

Serve as a technical leader and contributor for a research team exploring emerging cloud technologies and services

What You'll Need:

7+ years of experience in cybersecurity research, vulnerability research, or offensive security

Previous work experience in finding vulnerabilities and publishing research findings

Experience with and knowledge of high-level systems, web applications, and application security

Experience with and knowledge of cloud environment architecture (AWS, Azure, GCP)

Highly motivated, great self-learner, curious, responsible and independent

Strong communication skills – written and verbal

And Ideally:

Previous experience in presenting your work at industry conferences

Experience with Kubernetes and container technology

Solid programming skills in at least one language (C, C++, Python, GO, Rust)

B.Sc. or higher in Computer Science, Software Engineering, Mathematics, or equivalent professional background

Experience with data/security analysis