Security Researcher

Job Summary :

We are seeking a seasoned Security Researcher with deep expertise in malware analysis, reverse engineering, and cloud threat research. The ideal candidate will have extensive hands-on experience analyzing advanced malware, uncovering TTPs (Techniques, Tactics, and Procedures) used by threat actors, and aligning their findings with the MITRE ATT&CK framework. The role also requires deep understanding of public cloud services (AWS, Azure, or GCP), and a keen eye for identifying vulnerabilities and emerging attack surfaces for sandbox product.

Key Responsibilities :

Perform advanced malware analysis, including unpacking, static code inspection, and dynamic behavioral profiling using industry-standard tools (e.g., IDA Pro, Ghidra, x64dbg)

Reverse engineer diverse malware families—such as trojans, ransomware, loaders, and stealers—to extract indicators of compromise (IOCs) and document threat actor tactics, techniques, and procedures (TTPs)

Malware detection and attribution using yara signature.

Track and analyze newly released cloud resource types and services, assessing associated risks and attack surface expansions.

Collaborate with Security SMEs to develop and refine threat hunting rules focused on adversary activities in the cloud control plane.

Lead and execute cloud security research projects, contributing to threat intelligence and proactive defense strategies.

Investigate customer escalations and incidents to identify false positives and false negatives.

Perform data discovery and validation to ensure high data efficacy and accuracy in detection systems.

Maintain strong awareness of vulnerabilities, threat groups, and attack trends across cloud platforms.

Automate analysis tasks and operational workflows using Python, Scala, and Linux shell scripting.

Communicate research findings effectively to engineers, analysts, and stakeholders.

Ensure research and methodologies align with industry security standards and compliance frameworks.

Adhere to high quality work standards

Responsible for maintaining Confidentiality, Integrity and Availability of Vehere’s information assets including business critical information

Skills & Qualifications :

Minimum 8 years of experience in security research and threat analysis.

Expertise in at least one major cloud provider : AWS, Azure, or GCP.

Strong knowledge of malware analysis and reverse engineering tools (e.g., IDA Pro, Ghidra, OllyDbg, Wireshark, etc.).

Experience in threat intelligence, TTP identification, and MITRE ATT&CK framework.

Solid understanding of cloud infrastructure, resource types, and control plane threats.

Hands-on programming / scripting skills in Python, Scala, and Linux Shell.

Experience in data validation and security detection tuning.

Excellent communication and collaboration skills, particularly in cross-functional teams.

Familiarity with common security compliance standards (e.g., ISO 27001, SOC 2, NIST).