Security

Cybersecurity Researcher (Threat Analysis and Detection Engineering)

Bulgaria
Full time
Posted 11 Days Ago
R-100840-1
Please note that the application process will be managed on our partner website, Workday, which will require you to log in or create an account.
Acronis protects every workload — from endpoints to cloud — through the industry's only all-in-one cyber protection platform. Our Threat Research Unit (TRU) sits at the center of that mission: we hunt adversaries, dissect campaigns, and build the detection logic that keeps millions of systems safe.

We're looking for a Cybersecurity Researcher (Labs) who thrives on outsmarting threat actors. Whether your edge is reverse engineering malware, building behavioral detections, investigating insider threats, or responding to live incidents — if you're driven to understand how attacks work and how to stop them, this role is for you.

You'll work alongside researchers, detection engineers, and data scientists across multiple time zones to develop and ship protections that reach customers at scale. You'll also have the autonomy to pursue original research and present your findings to the broader security community.

WHAT YOU'LL DO  

  • Research adversary tactics, techniques, and procedures (TTPs) and translate them into detection and prevention capabilities for Acronis Security and EDR products.

  • Analyze malicious and benign content — executables, scripts, documents, memory dumps, network traffic, exploit chains — to identify indicators and behavioral patterns.

  • Develop, tune, and maintain detection logic, signatures, and behavioral rules across multiple expression languages and rule formats.

  • Monitor and improve automated detection pipelines to maintain high efficacy and low false-positive rates.

  • Track emerging threats through open-source intelligence, telemetry analysis, and threat feeds to ensure coverage keeps pace with the landscape.

  • Collaborate with scan engine and product engineering teams on joint research projects and new security features.

  • Publish original research through blog posts, whitepapers, and conference presentations.

 

WHO WE’RE LOOKING FOR  

  • Deep understanding of modern attack techniques, common malware families, OS internals (Windows required; macOS and Linux are a plus), and network protocols.

  • 5+ years of hands-on experience in one or more of: malware analysis (static, dynamic, behavioral), detection engineering, threat hunting, incident response, or insider threat investigation.

  • Proven ability to develop detection logic — whether that's YARA, Sigma, EQL, KQL, custom behavioral signatures, or something else entirely.

  • Comfortable working with threat intelligence platforms and frameworks: VirusTotal, Shodan, MISP, MITRE ATT&CK, or similar.

  • Software development skills in Python; familiarity with REST APIs, SQL, and regex. C/C++ is a plus.

  • Strong analytical thinking, relentless curiosity, and the motivation to succeed in a fast-paced, distributed environment.

  • Solid written and spoken English.

Nice to have:

  • Experience with proactive threat hunting using EDR/XDR platforms.

  • Background working at a security vendor or on a dedicated threat intelligence team.

  • Familiarity with machine learning approaches to threat detection.

  • Network traffic analysis skills (Wireshark, Zeek).

  • Published security research or conference talks.

*Please submit your resume and application in English.

 

WHO WE ARE 

A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. 

 

Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world every day are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never-give-up attitude, contributing to our collective growth and impact.

 

OUR INTERVIEW PRACTICES 

To ensure a fair and genuine hiring process, candidates are expected to participate in interviews without the use of AI tools, automated prompts, or third-party assistance. Interviews are designed to assess individual skills, experience, and communication style and we value authentic, real-time interaction. 

Use of AI or external assistance during live interviews may result in disqualification. For roles where AI skills are being evaluated, permitted use of AI tools will be clearly communicated in advance. Candidates may be asked to disable virtual backgrounds or participate in in-person interviews. All employment offers are contingent upon successful completion of applicable criminal, education and identity background checks.

Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances. 
