Tech Lead Manager Security Research Team

Tenchi is a Cyber Security company building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and supported by solid institutional investors, we are driven to disrupt this fast-growing industry.

Tenchi was created to tackle a real challenge: companies often face security risks because their third-parties don't maintain the same level of cyber protection. This gap leaves even the largest organizations potentially vulnerable to incidents they can't directly control. That's exactly where we step in.

Our TPCRM SaaS solution, Zanshin, is the only global TPCRM solution that offers both inside-out and outside-in visibility - combining external attack surface monitoring with automated, continuous, and non-intrusive assessments of cloud infrastructure (IaaS, PaaS, SaaS) and security controls.

At Tenchi, we build innovative technology to help companies secure their ecosystems with transparency and peace of mind. We are ambitious and purpose-driven. Our culture is rooted in intentionality, transparency, and action. We move fast, communicate openly, and invest in people who want to make an impact.

As a 100% remote company with team members across Brazil, the US, Canada, Argentina, and Spain, we embrace flexibility while solving meaningful challenges together.

Want to know more about our DNA? Watch the video.

• Lead and Mentor: Lead, mentor, and grow a team of security researchers, fostering a collaborative and innovative environment. Provide technical guidance, career development, and performance feedback.
• Strategic Direction: Define and execute the technical roadmap for the Security Research team, aligning with company goals and anticipating future security challenges.
• Security Research: Drive in-depth research into emerging threats, vulnerabilities, attack techniques, and defensive strategies across various domains (e.g., cloud security, application security, network security, IoT security).
• Attack Surface Management (ASM): Develop and refine methodologies for understanding, mapping, and managing the attack surface of our customers and internal systems. Drive research into novel ASM techniques and tooling.
• Compliance & Regulations: Stay abreast of relevant security compliance frameworks (e.g., NIST, ISO 27001, SOC 2, GDPR) and integrate compliance considerations into research initiatives and product recommendations.
• Vulnerability Disclosure: Oversee and contribute to responsible vulnerability disclosure processes, working with external researchers and vendors as needed.
• Technical Expertise: Leverage a strong technical background in computer science, networking, or related fields to guide complex research projects and troubleshoot technical challenges.
• Collaboration: Collaborate cross-functionally with engineering, product management, data science and consulting teams to translate research findings into actionable product features and security solutions.
• Knowledge Sharing: Present research findings internally and externally (e.g., conferences, whitepapers, blog posts) to establish thought leadership and contribute to the broader security community.
• Innovation: Drive continuous improvement in research methodologies, tools, and processes. Identify opportunities for automation and efficiency.

• Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, Networking or a related technical field.
• Fluent English is required, both written and spoken, to effectively communicate with global teams.
• 3+ years of experience in security research, with a strong focus on offensive and/or defensive security.
• 2+ years of experience in a technical leadership or management role, leading a team of security professionals.
• Deep understanding of the cyber security landscape, including common attack vectors, threat intelligence, and defensive strategies.
• Proven expertise in Attack Surface Management (ASM) principles and practices, including external asset discovery, vulnerability prioritization, and risk assessment.
• Strong knowledge of security compliance frameworks and regulations (e.g., NIST, ISO 27001, GDPR).
• Solid technical background in at least one of the following areas:
  • Computer Science fundamentals: Operating systems, data structures, algorithms, system architecture.
  • Networking: TCP/IP, network protocols, HTTP/HTTPS, network security architectures, intrusion detection/prevention.
  • Cloud Security: AWS, Azure, GCP security services, cloud native architectures.
• Experience with scripting and programming languages (e.g., Python, Javascript).
• Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Bonus Points For:

• Experience with bug bounty programs and vulnerability coordination.
• Active participation in the security community (e.g., conference speaking, open-source contributions, security blogs).
• Certifications such as CISSP, CISM, OSCP, AWS Certified Security Specialty.