Security Researcher

About Cyera

Cyera is on a mission to protect one of the world's most valuable resources: data. Our AI-native platform gives organizations a complete view of where their data lives, how it's used, and how to keep it safe, so they can reduce risk and unlock the full value of their data, wherever it is.

Since our founding in 2021, we've grown fast—Cyera-fast—securing over $1.3 billion in funding from the biggest pockets on the planet and establishing a global team. Today, Cyera is the fastest growing data security company on the planet, trusted by the Fortune 500 and beyond.

About the Team

The
Security Team
at Cyera plays a critical role in protecting the infrastructure, products, and data our customers rely on. As a cross-functional group of experts in offensive and defensive security, we ensure that our platform is resilient, secure by design, and ahead of emerging threats. Our red teamers challenge assumptions, expose weaknesses, and help us build stronger defenses. If you're passionate about pushing the limits of modern cloud security and simulating real-world adversaries, this team is where you can have an outsized impact.

About the Role

We're looking for a skilled and mission-driven
Security Researcher – Red Team
to lead offensive security initiatives and simulate real-world cyber threats across Cyera's platform. You'll work closely with engineering, product, and security teams to uncover vulnerabilities, test detection and response capabilities, and ensure Cyera's cloud-native applications are hardened against advanced persistent threats.

In this role, you'll plan and execute red team exercises, perform application and infrastructure penetration tests, and help shape secure-by-design practices across the company.

What You'll Do

• Design and execute advanced red team exercises, simulating APT-style attacks across cloud-native applications, APIs, and services.
• Perform deep vulnerability analysis and logic assessments across multi-cloud environments.
• Identify cloud-specific misconfigurations and lateral movement vectors in AWS, GCP, and Azure.
• Develop and refine custom tools, scripts, and payloads using Python, TypeScript, and other languages.
• Leverage frameworks and tools such as Metasploit, Cobalt Strike, Mimikatz, Burp Suite, and BloodHound.
• Maintain a Persistent Penetration Testing Network (PPTN) for continuous evaluation.
• Conduct social engineering campaigns (phishing, pretexting) to assess user susceptibility.
• Collaborate with Engineering and DevSecOps to support secure product design and architecture.
• Provide clear, actionable reporting for both technical and executive audiences.
• Partner with SOC and detection teams to validate and improve detections and response coverage.
• Participate in security reviews, threat modeling, and design consultations.
• Mentor teammates on offensive techniques, cloud attack surface, and tool development.

Who You Are

Must-Haves

• You have
  5+ years
  of experience in
  offensive security, red teaming, or application penetration testing
  .
• You're proficient in testing
  cloud-native systems, web applications, and APIs
  .
• You understand the
  OWASP Top 10
  , business logic flaws, and secure application design.
• You have strong scripting or development skills in
  Python, Bash, or JavaScript
  .
• You bring deep knowledge of
  cloud environments (AWS, GCP, Azure)
  and their security controls.
• You're familiar with
  attack chains
  , lateral movement, IAM misconfigurations, and post-exploitation tactics.
• You've used tools like
  Burp Suite, Metasploit, BloodHound, or custom red team tooling
  .
• You can translate complex findings into
  clear, actionable documentation and recommendations
  .

Nice-to-Haves

• Certifications like
  OSCP, OSCE, OSEP
  , or
  cloud security credentials
  (e.g., AWS Security Specialty).
• Experience in
  mobile app security testing (iOS/Android)
  .
• Exposure to
  DevSecOps practices
  or
  CI/CD integration
  .
• Background in
  consulting or client-facing security roles
  .

Why Join Us?

At Cyera, we care about collaboration, innovation, and agility. you can bet we take "teamwork" seriously—with our inclusive and supportive culture at the forefront—and we're just as serious about nurturing Cyerans to grow, both personally and professionally.

Feel free to apply even if your experience doesn't tick every box.

We're building something special here—and we welcome Cyerans with diverse backgrounds, perspectives, and experiences.