Vulnerability Researcher (Remote)

View full description

Requirements:

• Hands-on experience with common vulnerability classes and exploitation techniques
• Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
• Experience using vulnerability and compliance scanning tools
• Solid grasp of security advisories, vulnerability exploitation, and threat impact
• Knowledge of regular expressions (regex) and SQL for querying large databases
• Experience collaborating with engineers on automated tooling and detection rules
• Familiarity with Git, GitHub, CI/CD processes
• Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python, Ruby, or Go)
• Go experience is a big plus

Responsibilities:

• Research current vulnerabilities and exploits using trusted sources and stay up to date with threat intelligence
• Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
• Apply analytical expertise to investigate malware, phishing, mobile, and brand threats, delivering actionable vulnerability intelligence
• Assess the impact of vulnerabilities on critical systems and advise stakeholders on remediation strategies
• Build custom detection rules, identify unique attack attributes, and surface vulnerable internet-connected assets
• Research and develop new exploits and attack techniques
• Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
• Work with engineers to develop vulnerability checks, fingerprints, queries, and detections
• Collaborate with the engineering team to add findings to the codebase, ideally in Golang