Security Threat Researcher

At WideField Security, our mission is simple and ambitious: we stop identity breaches.

Eighty percent of today's attacks start with an identity incident, yet enterprises still lack visibility and control over how identities are used, shared, and abused. WideField was founded to solve this problem by providing a new layer of protection focused on identities in use.

Our platform continuously monitors every human and non-human session across applications and cloud environments to detect identity-based threats in real time.

We are an early-stage, high-growth cybersecurity startup backed by Crosspoint Capital Partners and Engineering Capital. We have already achieved early success with enterprise customers who believe that the next frontier of security lies in protecting identities, not just credentials.

As the Security Threat Researcher you will:

• Adversary Simulation and Detection Efficacy Testing:

• Design and execute realistic red team exercises, including testing scenarios against critical third-party services (IAM/ Iaas/Saas).

• Simulate sophisticated identity theft attacks (e.g., using techniques like AiTM with tools like Evilginx or simulating Infostealer activities) to find ways to steal credentials and gain unauthorized access.
• Operate within controlled test environments leveraging technologies such as EDR/Iaas/Saas.
• Generate authentic logs from successful attack simulations to train and validate our product's detection models.
• Develop new and novel attack variations to test the resilience and potential bypasses of existing detection mechanisms.

• Manual Threat Hunting and Intelligence:

• Conduct deep-dive manual threat hunting exercises within test systems and identify nascent or existing adversary TTPs not yet covered by automated detections.

• Synthesize hunting findings to provide actionable input for the development of new, high-fidelity security detections.

• Product Security Enhancement:

• Proactively research and find vulnerabilities within our core product and infrastructure.

• Examine the product from the perspective of a motivated attacker to identify weaknesses in design, implementation, and deployment.
• Perform assisted penetration testing (leveraging source code knowledge) and internal red-team exercises with the engineering teams to harden the product before release.

• Dark Web and Open Source Threat Intelligence (OSINT):

• Monitor dark web forums, marketplaces, and other restricted communities to find information on relevant threat actor activities, data breaches, and emerging TTPs.

• Translate gathered threat intelligence into practical recommendations and TTPs for product testing and feature development.

• Red Teaming/Adversary Simulation: Proven hands-on experience designing and executing complex, multi-stage red team operations.
• Cloud Security Expertise: Strong practical knowledge of security controls and common attack vectors within AWS environments.
• Identity and SaaS Application Attacks: Deep understanding of attacks targeting IDP/IAM, Iaas and Saas environments.
• Offensive Tooling: Hands-on experience with tools used for simulating credential theft, phishing (e.g., Evilginx), and malware simulation (e.g., Infostealers).
• Detection Engineering Knowledge: Fundamental understanding of how security products generate detections (e.g., EDR, SIEM) and the ability to generate data/logs suitable for training and testing.
• Technical Depth: Proficiency in at least one scripting language (e.g., Python, Go) for developing custom attack tools and automating tasks.

• Vulnerability Research: Experience with fuzzing, binary analysis, and finding zero-day or N-day vulnerabilities in software.
• Threat Intelligence: Experience collecting, analyzing, and synthesizing threat intelligence from various sources, including the dark web.
• Container and Orchestration Security: Knowledge of securing containerized environments and Kubernetes.
• Excellent Communication: Ability to clearly document and articulate complex technical findings, attack paths, and detection recommendations to both technical and non-technical audiences.

At WideField, we are building something that has never been done before. That requires a special kind of person.

We are looking for someone who:

• Is a self-starter who takes ownership from day one.
• Can operate creatively and efficiently on a startup budget.
• Shows perseverance and grit, is not afraid to experiment, fail fast, learn, and improve.
• Brings a positive, can-do attitude and thrives in a collaborative, high-trust culture