VMRay builds sandbox technology designed to catch malware that evades signature-based and behavioral detection systems. Founded in 2013 by Dr. Carsten Willems and Dr. Ralf Hund, the company operates out of Bochum, Germany and Boston, Massachusetts, serving 300+ security teams including Fortune 100 enterprises and government organizations. The core product is a threat detection platform that combines malware sandboxing with phishing analysis - engineered specifically for environments where unknown or evasive threats are the primary concern.
The technical approach centers on sandbox instrumentation that monitors execution at a level designed to surface obfuscated payloads and anti-analysis tricks. The team includes detection engineers and security researchers with collective depth in malware analysis, working in Python, C, JavaScript, and the ELK Stack. VMRay's platform is deployed in enterprise SOCs, government threat intelligence operations, and MSSP environments where speed and accuracy on zero-day samples matter operationally.
The company employs over 100 people across its German and U.S. offices. Engineering roles span detection engineering, security research, and platform development. The team describes itself as technical-first, with internal pathways from early-career research contributors to project leadership. Work focuses on iterating against adversary tradecraft - reverse engineering new evasion techniques, tuning detection logic, and shipping updates that keep pace with attacker tooling evolution.