Security Researcher
Prague, Czechia
Veeam Software
We are looking for a Security Researcher / Threat Hunter to join our Security Engineering team to help proactively identify threats, detect malicious activity, and uncover potential risks across our SaaS platform. This role is focused on continuous improvement of our detection capabilities, threat intelligence ingestion, and the investigation of abnormal behaviors in our cloud-native environment.
Your tasks will include:
- Developing threat detection strategies and hypotheses based on emerging attack techniques, threat actor behavior, and threat intelligence
- Performing proactive threat hunts across cloud telemetry (Azure), SaaS logs, and endpoint signals to detect unknown or stealthy threats
- Researching vulnerabilities, malware trends, TTPs, and threat actor campaigns relevant to our industry and infrastructure
- Collaborating with cloud, product, and infrastructure teams to ensure logging, detection, and response capabilities are properly configured
- Tuning and optimizing detection rules and alerts in SIEM/SOAR platforms
- Building detections for cloud-native environments, including Azure Defender for Cloud, Entra ID, and Microsoft 365
- Supporting incident response investigations by providing context, enrichment, and root cause analysis
- Contributing to the development of playbooks, detection-as-code, and knowledge sharing across security and engineering teams
Technologies we work with:
- Azure Defender for Cloud, Microsoft Sentinel, Entra ID, Microsoft 365 Defender
- Microsoft Graph API, Azure Resource Graph, KQL, Sysmon
- Threat intel feeds (STIX/TAXII), Sigma rules, MITRE ATT&CK framework
- PowerShell, Python, Kusto Query Language (KQL)
- Log sources: Azure activity logs, Entra ID logs, endpoint telemetry, SaaS app logs (e.g., GitHub, Atlassian, Slack)
What we expect from you:
- 3+ years of experience in a security research, threat hunting, or SOC detection engineering role
- Strong understanding of attacker TTPs, including lateral movement, persistence, and cloud-native attack techniques
- Hands-on experience with SIEM tools (Microsoft Sentinel preferred), including writing KQL queries and custom analytics rules
- Familiarity with threat intelligence platforms and open-source tools (e.g., MISP, VirusTotal, YARA, Shodan)
- Ability to analyze logs, correlate events, and identify indicators of compromise in real time
- Experience in cloud environments (especially Azure) and SaaS application telemetry
- A collaborative, analytical mindset and a passion for staying ahead of evolving threats
- English proficiency level sufficient to communicate with international teams
Will be an advantage:
- Experience with detection-as-code, SOAR platforms, and automating threat response
- Familiarity with MITRE D3FEND, threat modeling techniques, or cyber deception
- Contributions to threat research communities, blogs, or open-source tools
- Blue team certifications (GCTI, GCFA, GCIA, Azure Security Engineer Associate, etc.)
- Knowledge of reverse engineering, static/dynamic malware analysis
We offer:
- Premium healthcare program for you, your spouse, and your children
- Annual vacation and sick days
- Meal vouchers
- Subscription for public transportation
- Mobile phone plan
- MultiSport card
- Cafeteria Benefit Plan allowing you to customize your benefit package with an annual budget to spend on a variety of benefits such as travel, sport, wellness, and education
- Veeam Care Days – additional 24 hours for your volunteering activities
- Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (Percipio, Athena, O’Reilly) and mentoring through our MentorLab program
Please note: If the applicant is permanently present outside of the Czech Republic, Veeam reserves the right to refuse to consider the job application. Remote work is possible only if the employee is located in the Czech Republic.
Please note that any personal data collected from you during the recruitment process will be processed in accordance with our Recruiting Privacy Notice.
The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.
By applying for this position, you consent to the processing of your personal data in accordance with our Recruiting Privacy Notice.
Tags: Analytics APIs Azure Blue team Cloud GCFA GCIA GCTI GitHub Incident response Malware MISP MITRE ATT&CK PowerShell Privacy Python Reverse engineering SaaS Sentinel SHODAN SIEM SOAR SOC Threat detection Threat intelligence Threat Research TTPs VirusTotal Vulnerabilities
Perks/benefits: Career development Team events Travel Unlimited paid time off