Runtime vision for the cloud: inside the Orca Sensor team Copy

Right, Orca Security — that unicorn startup from Israel.

Back in 2019, Orca Security burst onto the scene, reinventing the rules of cloud protection with its agentless SideScanning™ technology.

Now, our team is building the next-generation non-invasive Sensor. It is designed to give security teams even sharper, real-time visibility in the cloud and a smarter way to prioritize vulnerabilities.
‍

SideScanning™ breakthrough: agentless cloud security

Before Orca entered the market, cloud security meant installing heavy agents on every workload — a slow, messy process that still left gaps.

Orca’s founders saw a better way. They built and patented SideScanning™, a method that connects directly to a cloud provider’s APIs and scans disk and configuration from the outside (hence the name).

If you like an analogy, the mechanism is akin to MRI. It allows users to see their entire cloud environment, spot vulnerabilities and misconfigurations, without ever touching the insides of the “patient.”
‍

Orca Sensor: adding runtime protection

What is Orca Sensor?

Orca Sensor is an installed lightweight component that observes workloads in execution. It supports Linux and Windows environments, as well as Kubernetes platforms, using technologies like eBPF to minimize footprint and latency.

All quotes that follow are from Anton.

‍

How the Sensor fits into Orca's solution

With its runtime perspective, Orca Sensor delivers two critical capabilities:

1. Security detections

The Sensor captures suspicious behavior as it occurs. The system already has over a hundred of individual detection scenarios configured and active, including:

• Container escape attempts
• Privilege escalation
• Cloud reconnaissance activity
• Suspicious process and network activity
• “Living off the land” (LOTL) techniques leveraging legitimate tools

These detections (and new ones that are constantly being updated) give security teams enhanced visibility into stealthy and sophisticated attack patterns, helping them stop threats in time.

Some of our customers use SideScanning™ to get visibility across their entire cloud, and then deploy Orca Sensor on critical workloads where constant visibility is needed.

Essentially, this functionality of the Sensor may be compared to an EDR (Endpoint Detection & Response) solution or an antivirus which is built specifically for highly distributed cloud architectures.

2. Dynamic reachability analysis

Not every vulnerability in the cloud is equally dangerous. Some sit quietly in unused code paths, while others run in active processes and can be exploited. This is why understanding reachability is key.

While SideScanning™ delivers snapshots of the cloud estate and flags those that could potentially be executed, Orca Sensor adds the missing component: runtime insights. The Sensor monitors workloads at the kernel level and confirms which pieces of code actually load and run in memory.

The fact that the Sensor can tell you exactly which package was executed makes vulnerability prioritization much simpler.

All runtime data appears directly in the Orca Platform’s UI, correlated with static findings and filterable by runtime status, exploitability, and severity — so teams get one unified dashboard with full context.

‍

[fs-toc-h2] The Sensor team in Warsaw: members, stack, engineering approach

[fs-toc-omit]Meet the Sensor team

Our crew

The Sensor is built end-to-end by our team of seven engineers (only five made it into the photo, but trust us, there are seven!)

We’re what you’d call a cross-functional team, handling everything from backend and infrastructure to frontend integration.

We work at the intersection of two worlds: systems programming and observability on Linux and Windows, plus a suite of cloud-native services running on AWS platform. You can enjoy a broad scope of responsibility and have an opportunity to grow in the domains you’re most interested in.

Tech stack, tools & development approach

Go is our primary language, but we stay pragmatic. The goal is always to solve the problem, so our technology choices are guided by the specific task rather than loyalty to any single language.

Performance-critical or low-level components are often written in C++ or Rust, while Python is generally used for integration and tooling.

We value people who are comfortable working across different stacks and approach a programming language as a tool to achieve the goal.   

On top of that, Orca provides a rich set of AI-powered tools, whether it’s generating tests or automating repetitive tasks. Tools like Cursor, Claude, and Copilot are all at our disposal.

We promote modern practices, without forcing anyone, but giving a wide choice so each person can build their own toolkit for their tasks.

Connection to other teams

Integrating Sensor data into the main platform means close collaboration with other Orca teams.

The Sensor doesn’t live in isolation, it’s integrated into the platform. For example, when a Sensor alert appears, it needs to be displayed in the interface with all attributes and context: on which infrastructure it was triggered, and what exactly was detected. For that, we work closely with other teams within Orca.

Execution flow

Orca Security is already in its mature stage. That means the company is moving toward established industry practices like quarterly planning and defined roadmaps. Along with this, we’ve kept the good parts of a startup, like fast delivery and flexibility. 

The real-time nature of the Sensor shapes the rhythm of our work: it requires quick action, the ability to handle strict SLAs (for example, delivering an alert to the platform within a minute), and a readiness to take full ownership of the outcome.

Open positions

While we're based in Warsaw and prefer local candidates, we're open to remote collaboration from anywhere in Poland for the right fit.

Roles at the Sensor team

• Team Lead Golang Engineer — to oversee the development of new software products and work hands-on across the DevOps stack

Join our mission to make cloud security smarter, faster, and easier to deploy. If you enjoy solving performance and reliability challenges in the cloud, you’ll find your place on our Pod.

To learn in detail about Orca Security and the Sensor, visit the website.

Connect with the Team Lead, Anton Naumovich, on LinkedIn.
‍

All open roles at Orca Security

Apart from the Sensor one, On The Spot is hosting other Orca Security's teams.

Hiring both in Warsaw (hybrid) and across Poland (remote):

• Senior Frontend Engineer
• Senior Automation QA Engineer
• Team Lead Python Engineer — CDR Team
• Middle Frontend Engineer
• Senior Technical Writer

For more, check the Careers page.