Security Researcher in United State

Security Researcher - Central London or Fully Remote

Our product helps security teams quickly and accurately detect intrusions in their cloud environment using canaries - decoys deployed to deceive attackers.

Our research has already made an impact:

• We've disclosed vulnerabilities in Google's Gemini CLI 
• Published research on AWS account enumeration techniques and how to exfiltrate data via Cloudtrail

We work with some of the world's leading security teams at companies like Snyk, Riot Games, and Docker.

We're at a key stage: we need someone to expand and formalize our research function, turning findings into actionable insights and engaging content while helping Tracebit contribute to the wider security community.

5+ years in offensive security or vulnerability research with deep focus on cloud platforms (AWS, Azure, GCP). You've found and disclosed vulnerabilities before.

Published security researcher. Track record of blog posts, conference talks, CVEs, or bug bounty submissions. You know how to communicate technical findings clearly.

Technical. Comfortable writing and reading code, and analysing data. You can write scripts, build tooling, and create detection rules.

Self-directed. You're excited to build a research practice from scratch without perfect processes or large teams.

Reporting to Sam, our CTO and Co-Founder, you'll expand our security research practice and conduct novel research that directly improves our product.

Your core focus:

• Conduct deep technical research into complex cloud services to uncover novel attack vectors.
• Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
• Help our team design new canary types and improve our product based on your research.
• Publish research through blog posts, conference talks (BlackHat, RSA, BSides, fwd:cloudsec), and community engagement.
• Monitor the threat landscape and proactively research emerging attack techniques to write detections and blog posts
• Represent Tracebit at industry conferences globally and build relationships with other researchers.

You'll find attack vectors, write content, and see our engineering team deploy your findings to protect customers.

Where is the office?

The whole team works together in an office right next to Warren Street tube station - there are lots of great places to grab lunch nearby.

Are you doing hybrid/remote?

This role can be based either in our London office or fully remote.

We are an office-first company - all of our team works together in London 5 days a week. However, we're making an exception for this role given the nature of the work and the need to hire the best talent in this space.

If you're based in London, you'll work from our office. If you're remote, we expect you to visit London at least quarterly to collaborate with the team in person.

What are the working hours like?

We think 9am-6pm will bring a great cadence to work. As a Security Researcher there will definitely be times you need to pick up work outside of these hours, we're keen to limit this where we can but also offer flexibility in return.

Can you sponsor visas?

We can support various types of working visas in the UK, including:

• Skilled Worker Visa (both from within and outside the UK)
• Intra-Company Transfer Visa
• Graduate Visa Transition

We are keen to support candidates who require visa sponsorship. Please let us know which specific visa type you might need during the initial application or interview process. Our team is committed to helping talented individuals navigate the necessary visa requirements.