Senior Security Vulnerability Researcher

BitSight’s mission is to enable trust in digital transactions.  Together, we are transforming how the market governs cybersecurity risk through Security Ratings. BitSight Security Ratings are real-time, data-driven measurements of cyber security performance that help companies, investors, insurers, government agencies and regulators make informed, dynamic risk decisions impacting business results, financial investments and national security.

• Founded in 2011, BitSight transforms how organizations manage information security risk. 
• Manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. 
• Seven of the top 10 cyber insurers, 20% of Fortune 500 companies, and 3 of the top 5 investment banks use BitSight
• BitSight is the most widely used Security Ratings Service with over 2,500 customers and the largest ecosystem of users and information

You will be a member of the BitSight security data research team. The main goals of the team is to provide BitSight with subject matter expertise in cyber security, and is focused primarily on the analysis of new vulnerabilities and supporting the threat research efforts. In addition, you will collaborate with fellow internal and external researchers, data scientists, product and engineering groups to support and develop new data sets and analytical capabilities.

Primary Duties:

• Help BitSight maintain the most accurate and up-to-date global visibility on new vulnerabilities;
• Help BitSight maintain global visibility over the current threat landscape;

Operational Duties:

• Keep up with newly published vulnerabilities;
• Understand the technical details of the published vulnerabilities as well as their real risk;
• Build scripts and software modules to verify the presence of vulnerabilities;
• Effectively communicate the vulnerability impact;
• Reverse-engineer vulnerability patches in order to better understand certain vulnerabilities;
• Assist in analysing data from internet scanning tools in order to validate its accuracy;
• Assist in the development of tools to improve vulnerability or threat research.

Experience, Skills and Knowledge:

• Fast learner and motivated.
• Must be particularly interested in cybersecurity;
• BSc or MSc is desirable;
• Comfortable working in Windows, OS X, Linux and Android environments;
• Technical knowledge of network protocols and security concepts;
• Comfortable with at least one programming language, ideally Python.

• Diversity. BitSight  is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.
• Culture. We put our people first. BitSight offers best in class benefits, including unlimited paid time off, 401k match, and commuter benefits. All employees are bonus eligible. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at BitSight will give you the opportunity to fulfill your professional goals and expand your skills.
• Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read.  Even if you don’t feel that you meet every single requirement, we still encourage you to apply.  We’re eager to meet people that believe in BitSight’s mission and can contribute to our team in a variety of ways.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.  This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.  If you are resident of Colorado, please email us at recruiting@bitsighttech.com to receive compensation and benefits information for this role.