JOB DETAILS

Cloud Security Researcher (CSPM/CNAPP Product) - B2B Contract

CompanyOX Security
LocationSão José da Laje
Work ModeOn Site
PostedMarch 22, 2026
About The Company
OX Security removes risk at the source - eliminating exposures from AI code generation through cloud runtime - preventing security debt before it ever reaches production. Unlike conventional tools that cannot keep pace with modern, AI-driven development, or cloud-specific solutions that are infrastructure-only, the OX Platform pinpoints vulnerabilities at creation and remediates runtime exposures at the source.
About the Role

We’re hiring Cloud Security Researcher and engineer to help evolve our CSPM/CNAPP product. You’ll work on improving how cloud risks are discovered, modeled, prioritized, and communicated, turning diverse cloud signals into accurate, customer-ready security insights. This role is security-first: strong fundamentals and judgment matter more than “tooling.”


Responsibilities

What You’ll Do

  • Design and improve cloud security detections and enrichment logic: define what to detect, why it matters, and what evidence customers need to act.
  • Correlate multiple signals (configuration, identity, asset inventory, activity/telemetry, relationships between resources) to improve accuracy and reduce noise.
  • Validate and refine severity/prioritization so results are consistent, explainable, and aligned with real risk.
  • Use competitor analysis and customer feedback to identify opportunities and deliver product improvements with clear business impact.
  • Use AI and internal agents to accelerate development: write strong prompts, guide outputs, review/adjust generated logic and code, and turn prototypes into reliable implementations.
  • Communicate clearly with engineering/product teams: requirements, tradeoffs, release notes, and customer-facing rationale.

Requirements

What We’re Looking For

  • Strong foundation in cybersecurity
  • Hands-on experience with at least one major cloud platform (AWS preferred; Azure or GCP also valid). Comfort navigating services, permissions models, and APIs/SDK concepts.
  • Ability to translate security and customer needs into high-value product work (prioritization, impact vs effort, clear definitions of “done”).
  • Good communication skills: you can explain security decisions and tradeoffs to both technical and non-technical stakeholders.
  • Solid engineering literacy (you can read and review code, reason about reliability and edge cases). Deep coding expertise is not required.

Bonus Points For

  • Experience with CSPM/CNAPP tools, security research, or building detection/analytics pipelines.
  • Familiarity with cloud telemetry/log sources and correlating security signals.
  • Comfort with Infrastructure as Code concepts (e.g., Terraform) and cloud-native environments.


Key Skills
Cloud SecurityCSPMCNAPPSecurity DetectionsSignal CorrelationRisk PrioritizationAWSAzureGCPCloud APIsSecurity FundamentalsAI PromptingInfrastructure as CodeSecurity ResearchTelemetry AnalysisEngineering Literacy
Categories
Security & SafetyEngineeringSoftwareData & AnalyticsScience & Research
Job Information
📋Core Responsibilities
The engineer will design and improve cloud security detections and enrichment logic by correlating diverse signals to enhance accuracy and reduce noise. This includes refining severity and prioritization based on real risk and using AI tools to accelerate development and prototyping.
📋Job Type
full time
📊Experience Level
2-5
💼Company Size
191
📊Visa Sponsorship
No
💼Language
English
🏢Working Hours
40 hours
Apply Now →

You'll be redirected to
the company's application page