Security Engineer/researcher - Cloud

Research & Development · Prague, Prague
Department Research & Development
Employment Type Full-Time
Minimum Experience Mid-level

Hello, we are Runecast

Our Runecast Analyzer is used for mission-critical IT operations from deep sea to space. It catches configuration or security compliance errors in virtualized data centers before they lead to service disruptions or breaches. We are also performing Data Science research on ML and NLP for context-based free text processing to make this process even smarter.

We’re a team of entrepreneur-minded professionals from more than 15 countries – but united, with most of us in our largest operations center in Brno, Czech Republic. Our skills have convinced companies like Verizon, Scania, Fujisoft, the German Aerospace Center (DLR), Erste Bank, Avast, University of St Andrews and many other enterprises (and SMBs) to trust our solution to protect their data centers.‍

We are looking for an outstanding Security Engineer/Researcher with a speciality in Cloud to join our team:

We are a company with a flat hierarchy, so everyone has direct access to the CTO, CEO, and other company founders. We work in self organised, agile teams where everyone can share ideas and influence how things get done. Our team consists of Java developers, QA specialists, virtualizations experts, AI scientists, UI engineers, and UX designers.

About the job:

As a Security Engineer you will be part of a multi-disciplinary engineering team that is responsible for the research, development, and maintenance of security compliance and vulnerability rules and signatures for Runecast Analyzer.

In this team you will be mainly responsible for public cloud platforms, but you will have exposure and opportunities to work on other technologies: Kubernetes, VMware, Windows, Linux. The role involves tracking capabilities of new and existing public cloud services and understanding how they can be exploited, and mapping industry-standard compliance standards onto public cloud infrastructure, to provide customers insight into cloud hygiene and compliance. 

What you’ll do:

  • Research and Develop signatures to identify non-compliant configuration settings in the area of public cloud services, covering the requirements of regulatory compliance profiles such as CIS, PCI-DSS, NIST and newly reported vulnerabilities.
  • Provide subject matter expertise to internal core engineering and development teams to leverage SDKs and APIs in order to interact with the public cloud services.
  • Maintain the development and test infrastructure and quickly set up new disposable environments for testing and development.
  • Participate in technical support cases for timely resolution of issues and for problem reproduction and escalation.
  • For the most critical vulnerabilities and exploits, help prepare knowledgebase articles or blog posts detailing the findings and impact.


What You’ll Need:

  • Research mindset, with a hold on where to look for relevant information about threats, vulnerabilities and security compliance requirements.
  • Ability to communicate, collaborate, and work effectively in a distributed team.
  • Knowledge and understanding with Cloud services/Platforms and various cloud service provider offerings (AWS, Azure, Google)
  • Experience with the operations of large production environments.
  • Proficient in bash and python.

Bonus Points

  • Working experience on UNIX/Linux, VMware, Kubernetes.
  • Worked in a relevant position of IT security risk/vulnerability management;
  • Familiarity with common compliance standards, such as CIS Benchmarks, PCI-DSS and HIPAA.

What we offer:

Enough of requirements! At Runecast, you can enjoy:

  • Join us in our Brno office or work from home. We do have an office in Brno, although many of us are working from home at the moment. We also have people working remotely from all over the world.
  • Friendly people and great co-founders. People are often mentioned as one of the reasons why we love working at Runecast. Everyone is very friendly, and there is nothing easier than getting in touch with one of the co-founders, as they work among us.
  • International team. We are a truly international team. We have our main office in Brno, where you will meet with people from nine different countries. Many people are also distributed over several European countries – from Bulgaria to the UK. Furthermore, we have people working with us from the USA and APAC region, where we are also growing.
  • Being part of a growing company, where things feel like a startup. We are not big on a ten-step process just to get approval for one tiny change. We are all working together and we value input from everyone.
  • Flexible working hours. We don’t care about clocking in and out at specific times. Some of us prefer to work early in the morning, others start later in the day. 
  • Paid therapy sessions. Mental health is paramount. Speak to a therapist whenever you need to, Runecast will contribute to the sessions.
  • Further education and certifications. We'll pay for certifications and courses that will help you to get better.

We encourage you to apply:

Runecast is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of your race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability or any other characteristic.

Thank You

Your application was submitted successfully.

  • Location
    Prague, Prague
  • Department
    Research & Development
  • Employment Type
  • Minimum Experience