Senior Cyber Security Researcher

Our Company

Tenchi is a Cyber Security company building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and supported by solid institutional investors, we are driven to disrupt this fast-growing industry.

Tenchi was created to tackle a real challenge: companies often face security risks because their third-parties don't maintain the same level of cyber protection. This gap leaves even the largest organizations potentially vulnerable to incidents they can't directly control. That's exactly where we step in.

Our TPCRM SaaS solution, Zanshin, is the only global TPCRM solution that offers both inside-out and outside-in visibility - combining external attack surface monitoring with automated, continuous, and non-intrusive assessments of cloud infrastructure (IaaS, PaaS, SaaS) and security controls.

Our People and Culture

At Tenchi, we build innovative technology to help companies secure their ecosystems with transparency and peace of mind. We are ambitious and purpose-driven. Our culture is rooted in intentionality, transparency, and action. We move fast, communicate openly, and invest in people who want to make an impact.

As a 100% remote company with team members across Brazil, the US, Canada, Argentina, and Spain, we embrace flexibility while solving meaningful challenges together.

🎥 Want to know more about our DNA? Watch the video. https://www.youtube.com/watch?v=HK8J07hWv30&feature=youtu.be

What will you do?

• Security Research: Analyze emerging threats, vulnerabilities, attack techniques, and defensive strategies across various domains (e.g., cloud security, application security, network security, IoT security). Identify potential vulnerabilities and misconfigurations
• Content Engineering and Technical Documentation: Leverage your research into actionable detection rules with detailed mitigation steps to help customers
• Knowledge Sharing: Present research findings internally and externally (e.g., conferences, whitepapers, blog posts) to establish thought leadership and contribute to the broader security community
• Compliance & Regulations: Stay up-to-date on relevant security compliance frameworks (e.g., NIST, ISO 27001, SOC 2, GDPR) and integrate compliance considerations into research initiatives and product recommendations
• Product Development: Collaborate cross-functionally with engineering, product management, data science and consulting teams to translate research findings into actionable product features and security solutions
• Innovation: Drive continuous improvement in research methodologies, tools, and processes. Identify opportunities for automation and efficiency
  
  

Requirements

• Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, Networking or a related technical field
• 3+ years of experience in cyber security, with a strong focus on offensive and/or defensive security
• Deep understanding of the cyber security landscape, including common attack vectors, threat intelligence concepts and techniques, and defensive strategies
• Strong knowledge of security compliance frameworks and regulations (e.g., NIST, ISO 27001, GDPR)
• Solid technical background in the following areas:
• Computer Science fundamentals: Operating systems, data structures, algorithms, system architecture, etc
• Networking: TCP/IP, network protocols, HTTP/HTTPS, network security architectures, intrusion detection/prevention, etc
• Cloud Security: AWS, Azure, GCP security services, cloud native architectures., etc
• Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences
• Strong analytical and problem-solving skills, with a methodical approach to security challenges.
  
  

Great if you have:

• Experience with scripting and programming languages (e.g., Python, Javascript)
• Active participation in the security community (e.g., conference speaking, open-source contributions, security blogs)
• Strong industry certifications such as OSCP, CISSP, eJPT, etc
• Vendor-specific security certifications such as AWS Certified Security, Azure Security Engineer, GCP Cloud Security Engineer, etc