Senior Security Researcher

Island Island · Enterprise · Tel Aviv, Israel · Product Management

Security Researcher focused on identifying and mitigating threats across browser, network, and endpoint landscapes. The role involves developing offensive tradecraft, discovering new attack vectors, writing exploits, and then engineering robust, product-level mitigations. Responsibilities include vulnerability and malware analysis, web and browser security research, supply-chain security investigation, threat intelligence correlation, and public impact through publications and conference presentations. Requires 5+ years of experience in security research or related fields, strong analytical and reverse engineering skills, and the ability to write code for automation and proof-of-concepts.

What you'd actually do

  1. Discover new attack vectors, abuse patterns, and security gaps in browsers, web applications, OS internals, and enterprise workflows.
  2. Design and implement detections, mitigations, and security policies informed by your offensive findings; close the loop from attack to protection.
  3. Perform reverse engineering on malware, exploits, and obfuscated code across Windows, macOS, and browser environments.
  4. Research techniques ranging from classic vulnerabilities (XSS, SSRF) to browser-specific primitives (extension abuse, DOM manipulation, same-origin bypasses).
  5. Investigate threats in software supply chains, including browser extension marketplaces and package registries.

Skills

Required

  • 5+ years of experience in at least one of the following: security research, vulnerability research, malware analysis, threat intelligence, or detection engineering
  • Offensive security mindset with the ability to flip to the defensive side — finding attacks and building mitigations
  • Strong analytical skills — comfortable digging into unfamiliar code, protocols, or systems and figuring out how they break
  • Familiarity with operating system internals (Windows and/or macOS)
  • Hands-on experience with reverse engineering or dynamic/static analysis tools
  • Ability to write code for automation, tooling, and proof-of-concepts
  • Strong written and verbal communication — ability to write compelling research and present at conferences

Nice to have

  • Solid understanding of web and browser security fundamentals
  • Experience with browser internals or browser extension security
  • Background in endpoint security, EDR, or DLP
  • Experience with static analysis tools (Semgrep, CodeQL, Joern, or similar)
  • Knowledge of software supply-chain attack patterns
  • Published security research — blog posts, CVEs, or conference talks (Black Hat, DEF CON, BSides, etc.)

What the JD emphasized

  • security research
  • vulnerability research
  • malware analysis
  • threat intelligence
  • detection engineering
  • offensive security
  • defensive engineering
  • reverse engineering
  • web security
  • browser security
  • supply-chain security
  • published security research