
Senior Security Researcher, TAC Cloud
Posted May 9

This is a fully remote position, open to applicants in Germany.
• Technical Analysis: Reconstruct, investigate, and monitor cloud intrusions by utilizing cloud service provider activity logs (AWS CloudTrail, Azure Activity Logs) and documenting findings.
• Improve understanding of observed cloud activities by replicating the actions in a test cloud environment.
• Develop tools to automate analysis tasks and monitor threat actors.
• Create signatures based on cloud activity (KQL, Amazon Athena), host activity (YARA), and network activity (Snort/Suricata) tailored for extensive threat hunting, detection, and tracking.
• Conduct technical analysis and reverse engineering of tools associated with threat activities in the cloud environment or related to cloud-centric intrusions.
• Intelligence Reporting: Generate high-quality, actionable intelligence reports.
• Collaborate with our interdisciplinary team to synchronize adversary and campaign tracking, while providing support to teams formulating mitigation strategies and responding to incidents.
• Understanding of cloud security principles, particularly identity and access management (IAM).
• Capability to reconstruct incidents from cloud activity logs provided by at least one major cloud service provider (AWS, Azure, or GCP).
• Proficiency in articulating complex technical and non-technical concepts in written, verbal, and graphical formats for diverse audiences, including actionable mitigation and detection guidance.
• Familiarity with programming and scripting languages, especially Python.
• Knowledge of reverse engineering tools (such as disassemblers, decompilers, debuggers) and processes (including unpacking malware and reconstructing code logic).
• Skill in identifying and categorizing malicious tools through the development of signatures for tracking and hunting purposes.
• Ability to analyze raw network data and create network signatures, as well as custom protocol decoders and decryption tools.
• Team-oriented attitude.
• Bonus Points: Experience in developing detections using KQL and Amazon Athena.
• Proven history of relevant experience in the cloud security sector.
• A background in intelligence is advantageous.
• Relevant cloud certifications are also a plus.
• Market leader in compensation and equity awards.
• Comprehensive physical and mental wellness programs.
• Competitive vacation and holiday allowances for recharging.
• Paid parental and adoption leave.
• Professional development opportunities available for all employees, regardless of level or role.
• Employee Networks, local neighborhood groups, and volunteer opportunities to foster connections.
• Dynamic office culture equipped with world-class amenities.
• Great Place to Work Certified™ across the globe.