Rockefeller Philanthropy Advisors is hiring a Principal Security Researcher for a fully remote, mission-driven role based in the United States. You will lead investigations into attacker behaviors within Google environments and develop weaponized proofs-of-concept to shape the security capabilities protecting thousands of businesses.

What You'll Do

Lead the development of layered defense strategies combining diverse data sources to enhance security products.
Investigate identity compromises like account takeover and credential theft to inform threat detection and identity protection features.
Hunt threat actors in Google environments, analyzing attacker methods for initial access and persistence.
Test attack paths and develop exploit proofs-of-concept to improve product defenses.
Identify and validate telemetry signals confirming malicious activity with high confidence.
Reverse engineer technology to find security weaknesses and undocumented features.
Document research findings through technical reports, advisories, and blogs.
Collaborate closely with product, engineering, and security teams to prioritize impactful features and product launches.
Promote security awareness through media, public speaking, and educational initiatives.

What We're Looking For

Expert knowledge of Google logs, APIs, and the ability to access and test Google data beyond native tools.
Proven experience bypassing Google security controls, including MFA, and executing account takeovers.
Skilled at building reliable weaponized exploit proofs-of-concept for identified vulnerabilities.
Strong understanding of Google vulnerabilities and threats with hands-on testing in custom labs.
Ability to shift between red team, system admin, and defender roles with a builder mindset.
Experience working in multi-tenant environments such as MSPs and Google Workspace business plans.
Excellent organizational and communication skills with a passion for translating complex security concepts into accessible insights.