Cloud Security Researcher

Description About Us and the Role Cyberillium offers high-end security research and R&D services for customers who want to build secure products. We conduct in-depth research, architecture design, and low-level development across a wide range of technologies. Founded by an elite group of Israeli security researchers, we deliver cutting-edge cyber solutions to enterprises of all sizes and the Israeli government. We are looking for a talented Cloud Security Researcher to join our team. In this role, you will be a driving force behind the offensive research roadmap for our mission-critical cloud infrastructure defense and managed services.  As part of our Cloud Security team, you will conduct hands-on research to uncover structural gaps, complex vulnerabilities, and deep architectural weaknesses across large-scale service providers (AWS, GCP, Azure). Your ultimate goal will be to develop a deep understanding of cloud internals and protocols like the back of your hand, translating offensive research findings into robust, secure-by-default architectures. Requirements Execute deep-dive technical research into cloud environments, specifically targeting the Cloud Service Provider’s infrastructure, such as VMs, serverless technologies, APIs, and cloud services. Critically evaluate cloud architectures to uncover complex vulnerabilities stemming from IAM flaws, API logic errors, or runtime escapes. Dig directly into the cloud services themselves (AWS, GCP, Azure) to validate their security with an attacker's skepticism, ensuring we do not take for granted that vendor tools or platforms grant absolute defense. Audit managed services and distributed systems, performing deep Root Cause Analysis and vulnerability research on both theoretical and discovered exploits to engineer effective, infrastructure-level mitigations. Proactively model advanced threat scenarios by thinking like an attacker to build better defenses. Design and create high-fidelity detection rules and strategies for subtle indicators of compromise (IoC) within cloud control planes. Skills and Experience 4+ years of hands-on experience in offensive security research, vulnerability research, red teaming, or cloud security engineering Deep, practical knowledge of at least one major cloud provider (AWS/GCP/Azure) Experience researching and exploiting vulnerabilities in serverless compute, VMs, and cloud APIs (familiarity with OS internals is preferable, but cloud-native focus is the priority) Strong understanding of cloud defense methodologies, techniques, and tools (e.g., IAM Policies, VPC and Virtualization defense, Defensive tooling like CSPM and CDR) Experience developing with C/C++/Rust An uncompromising focus on the accuracy of security controls, aiming for systemic architectural improvements rather than quick patches A quick learner, ready to work in an agile, fast-paced environment Strong communication skills in both Hebrew and English Advantages Experience and understanding of AI infrastructure and runtime - especially on the cloud. Experience with Identity Research on technologies and protocols such as AWS IdC (and IAM, Azure Entra Id, SAML, Oauth, OIDC, Kerberos), as well as offensive tooling such as Bloodhound (Azurehound) Why Cyberillium? By joining us, you’ll shape the DNA of a fast-growing company. Working with some of the best cyber talents in Israel, you will help us solve the ‘unsolvable’ problems for our highly technical clients through focused POCs, ideation, and collaboration with our research team.