Senior Vulnerability Researcher

Description Upwind is a next-generation Cloud Security Platform that leverages runtime context to identify and prioritize critical risks, providing precise insights and efficient cloud security management. Unlike traditional tools, Upwind uses runtime data proactively for risk prioritization and posture insights, ensuring teams focus on what truly matters. With industry-leading efficiency and eBPF-powered sensors, Upwind delivers comprehensive capabilities, including agentless cloud posture discovery, real-time threat protection, and integrated API security. From misconfigurations to malware defense, Upwind ensures end-to-end, cost-effective cloud infrastructure protection. At Upwind, you’ll have the opportunity to think creatively, explore new ideas, and use your skills to make a meaningful impact on our growth. We are looking for a highly skilled Senior Vulnerability Researcher to join our team. In this role, you will lead offensive research on our clients' assets, uncovering complex vulnerabilities and directly connecting your findings to our product to demonstrate actionable value. Beyond client-focused engagements, you will spearhead vulnerability research into cutting-edge technologies within the AI and Cloud domains. As a senior technical voice for the company, you will share your findings by writing technical blogs and representing us at industry security conferences. Key Responsibilities Conduct deep-dive offensive research on client assets to identify and exploit vulnerabilities. Bridge the gap between offensive findings and product value, demonstrating to clients how our solutions mitigate their specific risks. Perform pioneering vulnerability research on emerging technologies, specifically focusing on Cloud infrastructure and Artificial Intelligence (AI) ecosystems. Author high-quality technical blogs, whitepapers, and vulnerability reports. Represent the company by speaking and participating in leading global security conferences. Requirements Experience: 6+ years of proven experience in Offensive Security, Vulnerability Research, or Web Application Security. Proven Track Record: Demonstrated background in discovering and disclosing vulnerabilities (e.g., published CVEs, strong bug bounty profiles, or independent research). Technical Proficiency: Strong programming and scripting skills in languages such as Python, Go, C/C++, or Rust to build custom exploits and tooling. Cloud/AI Knowledge: Solid understanding of modern Cloud environments (AWS, GCP, or Azure) and a foundational understanding of AI/ML architectures and their unique attack surfaces (e.g., LLM vulnerabilities, model poisoning). Communication Skills: Exceptional written and verbal communication skills, with the ability to translate complex technical findings into clear business value for clients. Advantages Low-Level Expertise: Proven background in low-level exploitation (e.g., binary analysis, reverse engineering, memory corruption vulnerabilities).