Security Researcher

About Cyera  

Cyera is on a mission to protect one of the world's most valuable resources: data. Our AI-native platform gives organizations a complete view of where their data lives, how it's used, and how to keep it safe, so they can reduce risk and unlock the full value of their data, wherever it is.

Since our founding in 2021, we've grown fast- Cyera-fast - securing over $1.3 billion in funding from the biggest pockets on the planet and establishing a global team. Today, Cyera is the fastest growing data security company on the planet, trusted by the Fortune 500 and beyond.

About the Role

We are seeking a highly skilled and experienced Security Researcher - Red Team to join our security team. In this role, you will lead offensive security initiatives focused on identifying vulnerabilities, assessing application logic, and helping to build more secure products for our clients. You will collaborate closely with engineering, product, and security teams to simulate real-world threats, uncover weaknesses, and ensure our applications are secure by design.

Key Responsibilities

• Plan and execute controlled cyber adversary attacks to test security defenses, monitoring capabilities, and incident response effectiveness on cloud-native applications, APIs, and services.
• Identify, analyze, and document vulnerabilities across our product suite and multi-cloud environments.
• Perform business logic assessments to uncover flaws that automated tools might miss.
• Develop and execute red team exercises, simulating advanced persistent threat (APT) scenarios tailored to cloud environments.
• Collaborate with security engineering, development and DevSecOps teams to provide secure architecture guidance and remediation strategies.
• Assist in designing and reviewing secure applications and services for clients from the ground up.
• Leverage scripting skills in Python, TypeScript, and similar to develop and refine custom attack tools, scripts, and exploit payloads to simulate real-world cyber threats.
• Use Red Team frameworks and tools such as Cobalt Strike, Metasploit, Empire, Covenant, BloodHound, Mimikatz, Burp Suite, and Kali Linux
• Maintain a Persistent Penetration Testing Network (PPTN) for ongoing security assessments.
• Leverage social engineering tactics such as phishing, spear-phishing, and pretexting to assess user awareness and susceptibility to attacks
• Provide detailed technical reports and clear executive summaries for vulnerabilities and red team findings.
• Stay current with offensive security tactics, zero-days, and emerging threat actor techniques.
• Participate in security reviews and threat modeling for features and client-facing solutions.
• Go beyond ASM and vulnerability scanning tools to lead red team assessments and penetration tests playing a critical role in their success.
• Work closely with internal / external SoC teams to evaluate and tune detections and ensure adequate coverage post red team operations and engagements.
• Collaborate with stakeholders to scope prospective engagements and provide thorough briefings and after action reviews once assessment activities are complete. 
• Provide guidance on vulnerability remediation and track progress through to completion.
• Lead and drive the analysis and remediation prioritization for product related vulnerability landscape; including but not limited to preparing customer facing reporting and vulnerability analysis for ancillary product components that are critical to customer product deployment architectures. 

Demonstrate a team-oriented mindset adept at learning the latest technologies; train and mentor less experienced team members on penetration tactics and techniques.

Must-Have:

• 5+ years of experience in application security, red teaming, or offensive security.
• Strong hands-on experience in penetration testing of web apps, APIs, and cloud-native systems.
• Deep understanding of OWASP Top 10, business logic flaws, and secure software design.
• Proficiency in scripting or development (Python, Bash, JavaScript, etc.).
• Advanced knowledge of cloud platforms — GCP, Azure, and AWS — including their security services and common misconfigurations.
• Familiarity with cloud-native attack vectors, cloud IAM misconfigurations, and lateral movement in multi-cloud environments.
• Experience with common security testing tools (e.g., Burp Suite, Nmap, Metasploit, custom scripts).
• Strong communication and documentation skills to translate complex findings into actionable insights.

Nice to Have:

• Certifications such as OSCP, OSCE, OSEP, or cloud-specific credentials (e.g., AWS 
• Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
• Experience with mobile app security testing (iOS/Android).
• Exposure to DevSecOps practices and CI/CD integration.

Background in consulting or client-facing security roles.