Find your perfect fit.

Great companies are being built by amazing teams. Come be a part of it.
At Menlo Ventures, we invest in companies that will change how we live and work. To do that, they need creative thinkers, problem solvers, builders, and business leaders. They look to Menlo for help building their teams.
Tell us more about your professional DNA to get discovered by the companies we back.

Cloud Security Research Lead

Sonrai Security

Sonrai Security

Canada · Remote
Posted on Wednesday, January 18, 2023
Sonrai Security is a rapidly growing venture-funded Saas cloud security company with over a 300% increase in revenue-customer logos and a 67% growth in employees. We were named a 2021 Gartner Cool Vendor and recently secured $50M Series C funding backed by Menlo Ventures, Polaris Partners, TenEleven Ventures, and Istari.
Candidates who join our team will have a tremendous impact on our success & mission to be the industry leader in our space. We’re looking for candidates who are passionate about solving the complex cloud security challenges posed by rapid cloud adoption with a motivated, close-knit team.
Your role as the Cloud Security Research Lead will drive the strategy, content and analytics that power the Sonrai Security platform. The public research aspect of the work serves to educate the market, demonstrating and preventing risks, when building applications on cloud-native infrastructure. The Sonrai platform will provide your team access to cloud configuration, identity entitlement, lateral movement chains, workload vulnerabilities, audit data and alerts associated with cloud deployments creating a wealth of information to form accurate detection and response mechanisms. Working with real-world cloud environments allows the time to model and test hypotheses, while real-world customer cloud deployments can provide instant feedback for the impact of your work.

The role will have the following critical functions:

  • Drive strategy for content and analytics in the Sonrai Security Platform
  • Research cloud service risks associated with vulnerabilities, misconfigurations, privilege escalation, lateral movement and other parts of the attack chain.
  • Research and implement remediation to fix individual issues and bots to automate wide-scale changes across enterprise cloud deployments.
  • Work with Product Management and Development to drive product enhancement to further your team's work
  • Work with Product Marketing on educating the industry on Cloud Risks and Threats.
  • Player/Coach for development, implementation and continual testing of platform use cases
  • 2+ years of security experience in AWS, Azure, GCP and/or OCI is required.
  • Experience in pen-testing and/or vulnerability research.
  • Experience with Python,GraphQL is an asset.

Desired candidates will have most of the following:

  • Excellent organizational skills
  • Self-driven and proactive nature
  • 2+ years of hands-on experience in cloud environments
  • Experience in vulnerability management
  • Understanding of Security frameworks such as Mitre ATT&CK Frameworks
  • Understanding of Security compliance frameworks such as CIS, NIST, etc..
  • Expert knowledge of at least two public cloud infrastructures; AWS, Azure, GCP and/or OCI
  • A thorough understanding of cloud access control concepts such as AWS IAM, Azure AD and GCP Policy
  • A reasonable understanding of Infrastructure as Code and Kubernetes
  • Desire to be an industry leader in Cloud Security
Sonrai Security and Sonrai Security (Canada) are equal opportunity employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations. This posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee and any percentages listed are approximate. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.