Track & Address Emerging Threats: Stay on top of the latest security risks and vulnerabilities in web applications, APIs, and cloud assets. Work with product and engineering teams to ensure our platform detects and mitigates these evolving threats. This includes continuously monitoring the AppSec threat landscape (CVEs, OWASP Top 10, etc.) and, together with our detection team, updating our product to address new risks in code and cloud environments.
Security Research & Content Development: Conduct deep research on new vulnerabilities and attack techniques in the AppSec domain. Design and implement detection logic, rules, and signatures to catch these issues: from code flaws and secret exposures to API vulnerabilities. Your research will drive new product capabilities for code security and API security modules.
Enhance Product Capabilities: Work closely with development and product managers to translate research findings into product features and improvements. You will help prioritize AppSec risks on the roadmap and guide the design of new scanning and detection capabilities that address critical vulnerabilities. This collaboration ensures our code scanning and API security offerings are always relevant and effective against real-world threats.
Innovate with Tools & AI: Continuously experiment with new technologies and approaches to improve our research and detection workflows. This could mean prototyping new security scanning tools, leveraging automation and AI-driven techniques to uncover complex vulnerabilities, or integrating open-source projects to extend our capabilities. You have the freedom to think creatively and push the boundaries of how we find and mitigate application security risks.
Thought Leadership & Knowledge Sharing: Serve as the AppSec subject-matter expert within Orca’s Research Pod. Share knowledge and best practices with internal teams, and contribute to the security community externally. You will publish research findings through technical blog posts and white papers, and possibly present them at leading security conferences.
About you:
4+ years of research or analytical experience in cybersecurity, with a strong focus on application security
Proficient in Python; Go experience is a plus
Proficiency in SQL or similar query languages for analyzing large datasets and telemetry
Analytical “attacker mindset” with excellent problem-solving and attention to detail
Strong written and verbal communication, with experience publishing research or presenting at conferences
Excellent problem-solving skills and attention to detail
Ability to work both independently and as a team player
Open-minded approach to thinking outside of the box