Big Ideas. Real People.
At Orca, in the right environment and with the right team, talent has no boundaries. This team spirit, together with our drive to always aim high, has quickly earned us unicorn status and turned us into a global cloud security innovation leader. So if you’re ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.
We’re looking for driven and talented people like you to join our team and our mission to change the future of cloud security. Ready to dive in and swim with our pod?
Highlights
- High-growth: Over the past Seven years, we’ve consistently achieved milestones that take other companies a decade or more. During this time, we’ve significantly grown our employee base, expanded our customer reach, and rapidly advanced our product capabilities.
- Disruptive innovation: Our founders saw that traditional security didn’t work for the cloud, so they set out to carve a new path. We’re relentless pioneers who invented agentless technology and continue to be the most comprehensive and innovative cloud security company.
- Well-capitalized: With a valuation of $1.8 billion, Orca is a cybersecurity unicorn dominating the cloud security space. We’re backed by an impressive team of investors such as Capital G, ICONIQ, GGV, and SVCI, a syndicate of CISOs who invest their own money after conducting their due diligence.
- Respectful and transparent culture: Our executives pride themselves on being accessible to everyone and believe in sharing knowledge with the employees. Each employee has a place in shaping the future of our industry.
About the role
Cloud Security Researcher - Runtime & Threat ResearchWe're looking for a Cloud Security Researcher to drive runtime threat research for Orca's Cloud Detection and Response (CDR) capabilities - understanding how attackers behave inside live cloud workloads and turning that into detections that protect our customers. As a senior member of the team, you'll also mentor our junior researcher. On a typical day you'll:
- Research attacker tradecraft against live cloud workloads - compute, containers, Kubernetes, serverless - covering execution, privilege escalation, persistence, lateral movement, and evasion
- Analyze telemetry from AWS CloudTrail, GCP Audit Logs, Azure Activity Logs, and runtime/sensor data to investigate threats and translate findings into detection logic
- Partner with sensor and detection engineers on feasibility, coverage, and signal quality
- Run threat simulations and attack emulation to validate coverage and surface gaps
- Track emerging threats and CVEs across AWS, Azure, and GCP, feeding them into detection priorities
- Produce externally publishable research - blog posts, whitepapers, threat reports - and represent Orca at conferences and webinars
- Mentor our junior researcher in detection engineering, runtime analysis, and research rigor
- 4+ years in security research, threat research, or detection engineering, ideally in cloud/cloud-native environments
- Strong Linux and cloud infrastructure foundation, with an attacker-oriented mindset
- Deep familiarity with attacker TTPs (MITRE ATT&CK for Cloud/Containers)
- Hands-on experience turning runtime, host, and network security events into detections
- Proficiency in Python (Go a plus)
- Track record of, or clear appetite for, mentoring
- Strong written and spoken English, with the ability to explain complex topics clearly
- eBPF/runtime sensor experience, Linux kernel internals
- Kubernetes/container, API, or application security background
- Offensive security, red teaming, or vulnerability research experience
- Large-scale telemetry analysis (SQL/Elastic)
- AI/ML-assisted security research experience
- Conference speaking, published research, CVEs, or open-source contributions