Vulnerability and Exploitation Researcher

About The Position

Requirements

• Hands-on experience with common vulnerability classes and exploitation techniques
• Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), EPSS (Exploit Prediction Scoring System).
• Experience using vulnerability and compliance scanning tools (Tenable, Rapid7, Qualys, Rockwell, and many other options)
• Solid grasp of security advisories, vulnerability exploitation, and threat impact
• Experience collaborating with engineers on automated tooling and detection rules
• Familiarity with Git, GitHub, CI/CD processes
• Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Go, Python, or Ruby)

Nice To Haves

• Knowledge of regular expressions (regex) and SQL for querying large databases is a big plus
• Experience coding in Go is a big plus
• Presentation skills at hacker conferences is a big plus

Responsibilities

• Research current vulnerabilities and exploits using trusted sources, and stay up to date with threat intelligence
• Write root cause analyses and technical reports, as needed, clearly communicating findings to technical audiences
• Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
• Apply analytical expertise to investigate malware, phishing, mobile, and brand threats, delivering actionable vulnerability intelligence
• Assess the impact of vulnerabilities on critical systems and advise stakeholders on remediation strategies
• Build custom detection rules, identify unique attack attributes, and surface vulnerable internet-connected assets
• Assess in-the-wild exploitation readiness
• Research and develop new exploits and attack techniques
• Work with product and research engineers to develop vulnerability checks, fingerprints, queries, and detections
• Collaborate with the engineering team to add findings to the codebase, ideally in Golang

Benefits

• Fully remote: runZero is a 100% remote company! While we aim to gather annually for kick-offs, our team thrives in the flexibility and freedom that remote work provides.
• Benefits: We prioritize the well-being of our team members, which is why runZero pays for 100% of the premium platinum-level medical, vision, dental, life, and short-term disability coverage for you and your dependents.
• 401k: We match 4% of 401K contributions
• Time off: We offer unlimited PTO, 11 official company holidays, and a recharge week at the end of the year
• Paid parental leave: We offer 12 weeks of paid parental leave
• Culture of collaboration: Our team is diverse, representing various backgrounds and perspectives, which fosters an inclusive and vibrant environment. With flexible schedules and supportive coworkers who listen to one another, runZero promotes a culture of collaboration.
• And more!