התפקיד במילים פשוטות
התפקיד כולל מחקר אבטחתי התקפי והגנתי כאחד, תוך התמקדות באיתור וניטרול איומים בדפדפנים, רשתות ונקודות קצה. החוקר יפתח טכניקות תקיפה חדשות וישתמש בתובנות אלו כדי לתכנן וליישם הגנות חזקות ברמת המוצר. העבודה כוללת ניתוח תוכנות זדוניות, חקר אבטחת ווב ודפדפנים, וחקירת איומים בשרשרת האספקה.
- 5+ years of experience in at least one of the following: security research, vulnerability research, malware analysis, threat intelligence, or detection engineering
- Offensive security mindset with the ability to flip to the defensive side — finding attacks and building mitigations
- Strong analytical skills — comfortable digging into unfamiliar code, protocols, or systems and figuring out how they break
- Familiarity with operating system internals (Windows and/or macOS)
- Hands-on experience with reverse engineering or dynamic/static analysis tools
- Solid understanding of web and browser security fundamentals
- Experience with browser internals or browser extension security
- Background in endpoint security, EDR, or DLP
- Experience with static analysis tools (Semgrep, CodeQL, Joern, or similar)
- Knowledge of software supply-chain attack patterns
חולץ מתיאור המשרה · מתעדכן אוטומטית
למי זה מתאים
התפקיד מתאים לחוקרי אבטחה עם ניסיון של 5+ שנים במחקר אבטחה, ניתוח תוכנות זדוניות או הנדסת זיהוי, בעלי חשיבה התקפית ויכולת לעבור לצד ההגנתי. נדרשות יכולות אנליטיות חזקות, היכרות עם מערכות הפעלה פנימיות (Windows ו/או macOS), ניסיון בהנדסה לאחור וכתיבת קוד לאוטומציה.
תיאור המשרה המלא
המשרה המקורית · נשמר לעיוןIsland is the ideal environment for enterprise work, where security is everywhere without ever getting in the way. The Island Enterprise Platform unifies AI enablement, network access, data protection, identity, and endpoint control into one coherent workspace—so organizations get universal visibility and control, and users get a fast, fluid, beautifully simple experience. It's not just a better way to secure work. It's a better way to work. Backed by investors like Coatue Management, Insight Partners, Sequoia Capital and Cyberstarts, and trusted by some of the largest, most respected enterprises on the planet, Island is redefining what the modern workplace can be. Come join us in building something that's already changing how the world works. About the Team We are Island's security research team, dedicated to identifying and mitigating threats across the browser, network, and endpoint landscape. Our research directly shapes the security capabilities of Island's enterprise platform—from detection logic to protective controls. We operate with a purple team mindset : we think like attackers to build superior defenses. At Island, the cycle is complete—the same researcher who discovers a novel vulnerability or attack technique is the one who designs the detections and product features to neutralize it. The Role We are looking for a Security Researcher who thrives on both sides of the fence. You will develop offensive tradecraft—discovering new attack vectors and writing exploits—then use that perspective to engineer robust, product-level mitigations. If you’re energized by finding a novel browser attack on Monday and shipping the defense for it by Friday, this role is for you. Key Responsibilities Offensive Research: Discover new attack vectors, abuse patterns, and security gaps in browsers, web applications, OS internals, and enterprise workflows. Defensive Engineering: Design and implement detections, mitigations, and security policies informed by your offensive findings; close the loop from attack to protection. Vulnerability & Malware Analysis: Perform reverse engineering on malware, exploits, and obfuscated code across Windows, macOS, and browser environments. Web & Browser Security: Research techniques ranging from classic vulnerabilities (XSS, SSRF) to browser-specific primitives (extension abuse, DOM manipulation, same-origin bypasses). Supply-Chain Security: Investigate threats in software supply chains, including browser extension marketplaces and package registries. Threat Intelligence: Correlate signals across multiple sources to identify malicious infrastructure and adversary TTPs. Public Impact: Write technical blog posts, publish research, and represent Island at major security conferences (Black Hat, DEF CON, etc.).
Requirements: Requirements: 5+ years of experience in at least one of the following: security research, vulnerability research, malware analysis, threat intelligence, or detection engineering Offensive security mindset with the ability to flip to the defensive side — finding attacks and building mitigations Strong analytical skills — comfortable digging into unfamiliar code, protocols, or systems and figuring out how they break Familiarity with operating system internals (Windows and/or macOS) Hands-on experience with reverse engineering or dynamic/static analysis tools Ability to write code for automation, tooling, and proof-of-concepts Strong written and verbal communication — ability to write compelling research and present at conferences Nice to have: Solid understanding of web and browser security fundamentals Experience with browser internals or browser extension security Background in endpoint security, EDR, or DLP Experience with static analysis tools (Semgrep, CodeQL, Joern, or similar) Knowledge of software supply-chain attack patterns Published security research — blog posts, CVEs, or conference talks (Black Hat, DEF CON, BSides, etc.)
שאלות על המשרה
- המשרה לא ציינה שכר. אנחנו מציגים שכר רק כשהמעסיק מפרסם אותו.
- 5+ years of experience in at least one of the following: security research, vulnerability research, malware analysis, threat intelligence, or detection engineering, Offensive security mindset with the ability to flip to the defensive side — finding attacks and building mitigations, Strong analytical skills — comfortable digging into unfamiliar code, protocols, or systems and figuring out how they break, Familiarity with operating system internals (Windows and/or macOS), Hands-on experience with reverse engineering or dynamic/static analysis tools