Cyber Security R&D Engineer (Senior)

ROLE OVERVIEW

We are seeking a high-caliber Research & Development Engineer to join our Cybersecurity product team. This is a full-lifecycle role — you will work side-by-side with the Product Manager from the earliest ideation stage, translate business requirements into secure architecture, prototype and build Minimum Viable Products (MVPs), and own security engineering practices throughout the entire software development lifecycle (SDLC). You will operate at the intersection of applied security research, product engineering, and DevSecOps automation, ensuring that every product we ship is built securely by design and delivered with operational confidence.

KEY RESPONSIBILITIES

1. Product Ideation & Business Alignment

▸ Collaborate with the Product Manager to translate market threats, customer pain points, and security intelligence into viable product ideas.

▸ Participate in threat landscape research and competitive analysis to validate product concepts and define differentiated value propositions.

▸ Author and review Product Business Descriptions (PBDs), ensuring technical feasibility, security scope, and alignment with organizational strategy.

▸ Define security use cases, acceptance criteria, and success metrics for proposed cybersecurity products.

▸ Contribute to business case development including effort estimation, risk assessment, and technology stack recommendations.

2. MVP & Product Development

▸ Design and develop Minimum Viable Products (MVPs) for cybersecurity solutions.

▸ Lead the architecture and implementation of backend services, APIs, data pipelines, and analytics components for security products.

▸ Build proof-of-concepts (PoCs) and technical demonstrations to validate research hypotheses and product assumptions.

▸ Maintain product backlogs with well-defined security stories, technical debt items, and research tasks in Agile/Scrum frameworks.

▸ Drive rapid iteration cycles, ensuring each sprint delivers measurable, shippable security value.

3. Software Security Engineering

▸ Apply Secure-by-Design principles across all phases of development including threat modeling (STRIDE / PASTA), secure code review, and security architecture review.

▸ Conduct or commission penetration testing, fuzzing, and red team exercises on products prior to release.

▸ Perform vulnerability research and responsible disclosure coordination for internally developed products.

▸ Ensure compliance with security standards such as OWASP Top 10, CWE/SANS Top 25, NIST 800-53, ISO 27001, and relevant regulatory frameworks.

▸ Develop and maintain security reference architectures, coding standards, and secure development guidelines.

4.DevSecOps Engineering & Automation

▸ Design and implement end-to-end DevSecOps pipelines integrating SAST, DAST, SCA, secrets scanning, container security, and IaC scanning.

▸ Automate security gates within CI/CD workflows (GitHub Actions, GitLab CI, Jenkins) to enforce policyas-code and prevent vulnerable code from reaching production.

▸ Implement infrastructure security controls using Terraform, Ansible, or equivalent IaC tools, following least-privilege and zero-trust principles.

▸ Build security observability into products from day one: structured logging, runtime detection, anomaly alerting, and incident response hooks.

▸ Manage container security (Docker, Kubernetes) including image hardening, network policies, and runtime threat detection.

▸ Establish and maintain vulnerability management programs covering dependency tracking, SBOMs, and patch management automation.

5. Security Research & Innovation

▸ Conduct applied research into emerging attack techniques, adversarial AI/ML, malware analysis, protocol exploitation, and zero-day research.

▸ Publish internal research reports, technical whitepapers, and contribute to external security conferences and publications.

▸ Evaluate, integrate, and sometimes reverse-engineer third-party security tools, threat intelligence feeds, and open-source frameworks.

▸ Stay current with CVEs, threat actor TTPs (MITRE ATT&CK), and evolving regulatory requirements impacting product design.

Requirements

Education

▸ Bachelor's degree or higher in Computer Science, Cybersecurity, Information Security, Software Engineering, or a related discipline.

Experience

▸ 4+ years of hands-on pipeline management experience with at least 3 years focused on cybersecurity product development or security engineering.

▸ Demonstrated experience building and shipping security products or tools from concept through production.

▸ Track record of working with Product Managers to define requirements, write business descriptions, and deliver MVPs.

▸ Experience implementing DevSecOps pipelines and security automation in CI/CD environments.

TECHNICAL SKILLS & COMPETENCIES

1-Languages: Python, Go, Rust, Java/Kotlin, C/C++, Bash/PowerShell, JavaScript/TypeScript

2-Security Engineering: Threat Modeling (STRIDE, PASTA), Penetration Testing, Reverse Engineering, Malware Analysis, Exploit Development

3-DevSecOps & CI/CD: GitHub Actions, GitLab CI, Jenkins, ArgoCD · SAST (SonarQube, Semgrep) · DAST (OWASP ZAP, Burp Suite) · SCA (Snyk, Dependabot)

4-Cloud & Infrastructure: AWS / Azure / GCP security services · Terraform · Kubernetes · Docker · Service Mesh (Istio) · Zero-Trust Architecture

5-Security Platforms: SIEM (Splunk, Elastic/ELK) · SOAR · EDR/XDR · Vulnerability Management (Tenable, Qualys) · MITRE ATT&CK

6-Data & Analytics: Security data engineering, Kafka, Elasticsearch, threat intelligence pipelines, ML-based anomaly detection

7-Standards & Frameworks: NIST CSF / 800-53 · ISO 27001 · OWASP · SOC 2 · GDPR · PCI-DSS · CIS Benchmarks

8-Methodologies: Agile / Scrum · Secure SDLC · Design Thinking · DevOps · Shift-Left Security · Risk-Based Prioritization

PREFERRED CERTIFICATIONS

▸ OSCP – Offensive Security Certified Professional

▸ CISSP – Certified Information Systems Security Professional

▸ CEH – Certified Ethical Hacker

▸ CSSLP – Certified Secure Software Lifecycle Professional

▸ AWS / Azure / GCP Security Specialty Certifications

▸ CKS – Certified Kubernetes Security Specialist

▸ GREM – GIAC Reverse Engineering Malware

BEHAVIORAL COMPETENCIES

▸ Product Thinking: Connects security engineering decisions to business outcomes and user value.

▸ Research Rigor: Approaches problems with intellectual curiosity, forming and testing hypotheses systematically.

▸ Communication: Translates complex security topics into clear business language for executive and nontechnical audiences.

▸ Collaboration: Works effectively in cross-functional teams spanning product, engineering, legal, and operations.

▸ Ownership: Takes end-to-end accountability for features and products, from design through postrelease monitoring.

▸ Adaptability: Thrives in a fast-paced R&D environment where priorities evolve with the threat landscape.

▸ Security Mindset: Consistently applies adversarial thinking to identify risk before it becomes exploitable