Staff Security Researcher
About The Position
Zscaler is a pioneer and global leader in zero trust security. The world’s largest businesses, critical infrastructure organizations, and government agencies rely on Zscaler to secure users, branches, applications, data & devices, and to accelerate digital transformation initiatives. Distributed across more than 160 data centers globally, the Zscaler Zero Trust Exchange platform combined with advanced AI combats billions of cyber threats and policy violations every day and unlocks productivity gains for modern enterprises by reducing costs and complexity. Here, impact in your role matters more than title and trust is built on results. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership and accountability. We champion an “AI Forward, People First” philosophy to help us accelerate and innovate, empowering our people to embrace their potential. If you’re driven by purpose, thrive on solving complex challenges and want to make a positive difference on a global scale, we invite you to bring your talents to Zscaler to help shape the future of cybersecurity. Role We are looking for a Staff Security Researcher to join our Engineering team. This is a remote role, reporting to the Senior Director of Information Security. You will join the team that built the world’s largest cloud security platform from the ground up, enabling organizations worldwide to harness speed and agility with a cloud-first strategy. You’ll bring your vision and passion to enhance services and increase our global footprint for over 15 million users across 185 countries.
Requirements
- 5+ years of cybersecurity experience, particularly in incident response or product security
- Bachelor’s degree (or equivalent experience) in a relevant field like Cybersecurity, Computer Science, or Information Systems
- Proficiency in security principles, secure coding practices, and protocols such as HTTP and TCP/IP
- Hands-on experience managing security incidents, including malware and exploits
- Experience with SIEMs, vulnerability scanners, and scripting tools like Python or PowerShell
Nice To Haves
- Certifications such as CISSP, CEH, OSCP, or related credentials
- Professional experience with SDLC (secure development lifecycle) and performing code reviews
- Advanced proficiency with EDR platforms and threat intelligence tools
Responsibilities
- Lead technical responses for critical product security incidents by coordinating with Engineering, Product, and Legal teams to ensure swift resolution and mitigation
- Own the triaging, investigation, and management of product vulnerabilities from intake to resolution, prioritizing high-impact issues with critical urgency
- Serve as the primary technical interface for the bug bounty program by validating, reproducing, and assessing the business impact of reported vulnerabilities
- Conduct thorough root cause analysis for vulnerabilities and provide engineering teams with secure, scalable remediation strategies to prevent recurrence
- Use insights from identified vulnerabilities to enhance secure development lifecycle (SDL) processes, improve coding standards, and influence security architecture
Benefits
- Various health plans
- Time off plans for vacation and sick time
- Parental leave options
- Retirement options
- Education reimbursement
- In-office perks, and more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
