Senior Cloud Security Researcher

Position Overview

• Location Type:
• Job Type:
• Salary:

Red Canary is a cybersecurity company dedicated to protecting organizations from cyber threats. We empower businesses to make better security decisions, allowing them to focus on their mission without fear. Our market-defining technology and expertise prevent breaches and set a new standard for partnership in the industry. We are committed to our customers and grounded in our values, recognized as a Best Place to Work.

What We Believe In

• Do what’s right for the customer
• Be kind and authentic
• Deliver great quality
• Be relentless

Challenges You'll Solve

The Red Canary Intelligence Team analyzes threats to help prioritize detection and response efforts. As a key contributor, you will investigate raw telemetry, analyze threats, and conduct open-source research to associate activity with known adversaries. A significant focus is on researching identity-based threat actors and cloud-targeted TTPs across infrastructure services (AWS, GCP, Azure) and platform services (Okta, EntraID, Kubernetes). Curiosity, adaptability, and a passion for addressing evolving threats are vital for success in this dynamic, mission-driven team.

The role requires strong collaboration, outstanding communication, and experience in open-source threat research. A solid understanding of cyber threat intelligence and adversary behaviors is essential, alongside proficiency in analytical and problem-solving skills.

Responsibilities

• Research known and emerging threats with cloud and SaaS providers, including AWS, GCP, Azure, Office 365, and Google Workspaces.
• Investigate telemetry and malicious activity to identify threats, provide context, and guide detection and response decisions.
• Collaborate with Engineers and Data Scientists to ensure relevant data from Cloud and Identity telemetry sources are properly stored and indexed for historical analysis at scale.
• Conduct open and closed-source research to associate suspicious activity with known threats and communicate threats of concern to customers.
• Process and analyze patterns and trends in detections and write actionable intelligence products to track TTPs, detection coverage, and remediation strategies.
• Define and analyze new activity clusters based on analysis of malicious and suspicious behaviors observed across our customer base.
• Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
• Actively engage with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration.
• Respond to customer questions about threats to help them understand their threat model and what matters to them.
• Stay updated on emerging threats, suggest workflow improvements, and support customers in understanding and responding to their specific threat models.

Requirements

• Experience in open-source threat research.
• Strong collaboration and communication skills.
• Solid understanding of cyber threat intelligence and adversary behaviors.
• Proficiency in analytical and problem-solving skills.

Note: If you bring a mix of these skills, we encourage you to apply—even if you don’t meet every requirement. The role will adapt to the person who joins.