Staff Security Researcher

Job Description

As a Staff Security Researcher at Menlo Security, you will drive the future of web threat protection by researching real-world web-based attacks and applying your insights to enhance Menlo s browser isolation platform. You will also lead the transformation of security research workflows using AI and agentic automation , allowing our team to operate at a radically faster and more scalable pace. Our Expectations Proactively track and research emerging online threats across the web, dark web, and attacker infrastructure to identify trends and patterns. Build AI-driven and agentic workflows to automate repetitive research tasks such as threat hunting, IOC extraction, artifact enrichment, and pattern recognition Conduct an in-depth research the telemetry for patterns to build or enhance the existing products Develop advanced detection and prevention logic embedded in our browser isolation engine and threat analysis backend pipelines Lead design and development of data pipelines and infrastructure for collecting, analyzing, and classifying high-volume web traffic Partner closely with engineering, product, and threat intelligence teams to ship research-powe'red features into production Represent Menlo Security at industry conferences and in public research disclosures Your Experience Passionate researcher with a track record of finding, analyzing, and mitigating complex web threats Strong background in browser internals, web application security and detection of real-time threats (eg, phishing, malicious redirects, credential harvesting, exploit kits) Experience analyzing web-based malware, evasive scripts, obfuscation techniques, and malicious browser extensions Familiarity with DOM analysis, browser automation, browser exploits and passive/active crawling techniques Experience in malware traffic analysis, signature writing, and working with indicators of compromise (IOCs) Strong programming skills in Python and automation desired. Knowledge of LLMs, Agentic AI workflow automation is a plus. Prior experience integrating research outputs into a production system is highly desirable Prior experience of writing research blogs and presenting in conferences is desirable Qualifications MS or PhD in Computer Science, Security, or related field (or equivalent industry experience) Minimum 7+ years in a security research or applied security engineering role Excellent written and verbal communication skills; ability to clearly articulate research findings and product impact