Staff Security Researcher

Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense.

The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching.

Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures.

About Menlo Security

Menlo Security protects organizations from cyber threats by isolating all web and email traffic in the cloud, eliminating malware before it reaches users. Our Isolation Core™ platform secures some of the world’s largest enterprises without compromising performance. Join us to help build the future of threat prevention at scale.

Your Impact

As a Staff Security Researcher at Menlo Security, you will drive the future of web threat protection by researching real-world web-based attacks and applying your insights to enhance Menlo’s browser isolation platform. You will also lead the transformation of security research workflows using AI and agentic automation, allowing our team to operate at a radically faster and more scalable pace.

Our Expectations

● Proactively track and research emerging online threats across the web, dark web, and attacker infrastructure to identify trends and patterns.

● Build AI-driven and agentic workflows to automate repetitive research tasks such as threat hunting, IOC extraction, artifact enrichment, and pattern recognition

● Conduct an in-depth research the telemetry for patterns to build or enhance the existing products

● Develop advanced detection and prevention logic embedded in our browser isolation engine and threat analysis backend pipelines

● Lead design and development of data pipelines and infrastructure for collecting, analyzing, and classifying high-volume web traffic

● Partner closely with engineering, product, and threat intelligence teams to ship research-powered features into production

● Represent Menlo Security at industry conferences and in public research disclosures Your Experience

● Passionate researcher with a track record of finding, analyzing, and mitigating complex web threats

● Strong background in browser internals, web application security and detection of real-time threats (e.g., phishing, malicious redirects, credential harvesting, exploit kits)

● Experience analyzing web-based malware, evasive scripts, obfuscation techniques, and malicious browser extensions

● Familiarity with DOM analysis, browser automation, browser exploits and passive/active crawling techniques

● Experience in malware traffic analysis, signature writing, and working with indicators of compromise (IOCs)

● Strong programming skills in Python and automation desired.

● Knowledge of LLMs, Agentic AI workflow automation is a plus.

● Prior experience integrating research outputs into a production system is highly desirable

● Prior experience of writing research blogs and presenting in conferences is desirable

Qualifications

● MS or PhD in Computer Science, Security, or related field (or equivalent industry experience)

● Minimum 7+ years in a security research or applied security engineering role

● Excellent written and verbal communication skills; ability to clearly articulate research findings and product impact

Why Menlo?

Our culture is collaborative, inclusive, and fun! We have five core values: Stay Aligned, Get It Done, Customer Empathy, Think Creatively and Help Each Other Out. We believe in open communication, supporting new ideas, and sharing a mutual mindset of what we’re aiming to achieve together. There are tremendous opportunities to take initiative, implement new ideas, and have a hand in building a legacy.

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

TO ALL AGENCIES: Please, no phone calls or emails to any employee of Menlo Security outside of the Talent organization. Menlo Security’s policy is to only accept resumes from agencies via Ashby (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted outside of this process will be deemed the sole property of Menlo Security. In the event a candidate submitted outside of this policy is hired, no fee or payment will be paid.