Security Researcher

Veeam, the #1 global market leader in data resilience, believes businesses should control all their data whenever and wherever they need it. Veeam provides data resilience through data backup, data recovery, data portability, data security, and data intelligence. Based in Seattle, Veeam protects over 550,000 customers worldwide who trust Veeam to keep their businesses running.

We are looking for a Security Researcher / Threat Hunter to join our Security Engineering team to help proactively identify threats, detect malicious activity, and uncover potential risks across our SaaS platform. This role is focused on continuous improvement of our detection capabilities, threat intelligence ingestion, and the investigation of abnormal behaviors in our cloud-native environment.

Your tasks will include:

• Developing threat detection strategies and hypotheses based on emerging attack techniques, threat actor behavior, and threat intelligence
• Performing proactive threat hunts across cloud telemetry (Azure), SaaS logs, and endpoint signals to detect unknown or stealthy threats
• Researching vulnerabilities, malware trends, TTPs, and threat actor campaigns relevant to our industry and infrastructure
• Collaborating with cloud, product, and infrastructure teams to ensure logging, detection, and response capabilities are properly configured
• Tuning and optimizing detection rules and alerts in SIEM/SOAR platforms
• Building detections for cloud-native environments, including Azure Defender for Cloud, Entra ID, and Microsoft 365
• Supporting incident response investigations by providing context, enrichment, and root cause analysis
• Contributing to the development of playbooks, detection-as-code, and knowledge sharing across security and engineering teams

Technologies we work with:

• Azure Defender for Cloud, Microsoft Sentinel, Entra ID, Microsoft 365 Defender
• Microsoft Graph API, Azure Resource Graph, KQL, Sysmon
• Threat intel feeds (STIX/TAXII), Sigma rules, MITRE ATT&CK framework
• PowerShell, Python, Kusto Query Language (KQL)
• Log sources: Azure activity logs, Entra ID logs, endpoint telemetry, SaaS app logs (e.g., GitHub, Atlassian, Slack)

What we expect from you:

• 3+ years of experience in a security research, threat hunting, or SOC detection engineering role
• Strong understanding of attacker TTPs, including lateral movement, persistence, and cloud-native attack techniques
• Hands-on experience with SIEM tools (Microsoft Sentinel preferred), including writing KQL queries and custom analytics rules
• Familiarity with threat intelligence platforms and open-source tools (e.g., MISP, VirusTotal, YARA, Shodan)
• Ability to analyze logs, correlate events, and identify indicators of compromise in real-time
• Experience in cloud environments (especially Azure) and SaaS application telemetry
• A collaborative, analytical mindset and a passion for staying ahead of evolving threats
• English proficiency level sufficient to communicate with international teams

Will be an advantage:

• Experience with detection-as-code, SOAR platforms, and automating threat response
• Familiarity with MITRE D3FEND, threat modeling techniques, or cyber deception
• Contributions to threat research communities, blogs, or open-source tools
• Blue team certifications (GCTI, GCFA, GCIA, Azure Security Engineer Associate, etc.)
• Knowledge of reverse engineering, static/dynamic malware analysis  

We offer:

• Premium healthcare program for you, your spouse, and your children
• Annual vacation and sick days
• Meal vouchers
• Subscription for public transportation
• Mobile phone plan
• MultiSport card
• Cafeteria Benefit Plan allowing you to customize your benefit package with an annual budget to spend on a variety of benefits such as travel, sport, wellness, and education
• Veeam Care Days – additional 24 hours for your volunteering activities
• Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (Percipio, Athena, O’Reilly) and mentoring through our MentorLab program

Please note: If the applicant is permanently present outside of the Czech Republic, Veeam reserves the right to refuse to consider the application for a job. Remote job is only possible in case the employee is located in the Czech Republic.

#LI-EZ1
#LI-Remote

Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All your information will be kept confidential.

Please note that any personal data collected from you during the recruitment process will be processed in accordance with our Recruiting Privacy Notice.  

The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes. 

By applying for this position, you consent to the processing of your personal data in accordance with our Recruiting Privacy Notice.