Vulnerability Researcher

Summary

Join runZero, a fully remote company with a strong focus on product-market fit and customer satisfaction, as a Vulnerability Researcher. You will play a crucial role in uncovering and analyzing vulnerabilities to enhance runZero's detection and intelligence capabilities. This position involves researching and monitoring security threats, collaborating with engineers on developing detection rules and vulnerability checks, and proactively identifying risks to provide valuable insights for customers.

Requirements

• Hands-on experience with common vulnerability classes and exploitation techniques
• Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
• Experience using vulnerability and compliance scanning tools
• Solid grasp of security advisories, vulnerability exploitation, and threat impact
• Knowledge of regular expressions (regex) and SQL for querying large databases
• Experience collaborating with engineers on automated tooling and detection rules
• Familiarity with Git, GitHub, CI/CD processes
• Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python, Ruby, or Go)

Responsibilities

• Research current vulnerabilities and exploits using trusted sources and stay up to date with threat intelligence
• Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
• Apply analytical expertise to investigate malware, phishing, mobile, and brand threats, delivering actionable vulnerability intelligence
• Assess the impact of vulnerabilities on critical systems and advise stakeholders on remediation strategies
• Build custom detection rules, identify unique attack attributes, and surface vulnerable internet-connected assets
• Research and develop new exploits and attack techniques
• Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
• Work with engineers to develop vulnerability checks, fingerprints, queries, and detections
• Collaborate with the engineering team to add findings to the codebase, ideally in Golang

Preferred Qualifications

Go experience is a big plus

Benefits

• Top of the line medical, dental, vision, life and disability coverages with runZero paying for 100% of the premium
• A stock option plan consistent with early stage, rapidly-growing startups
• A competitive salary composed of cash and equity compensation
• Unlimited PTO (We encourage everyone to take at least 25 days a year)
• 4% 401(k) matching program