San Francisco (CA), Lenexa (KS), Remote
RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.
We are looking for a Vulnerability Researcher to join our team in San Francisco, Kansas City, or Remote.
The RiskIQ Research team is looking for an experienced vulnerability analyst to apply their knowledge of vulnerable systems to deliver tactical intelligence to our customer base. The successful analyst will leverage RiskIQ attack surface data to surface potential vulnerabilities systems within customers attack surfaces that attackers could leverage as avenues of attack to gain unauthorized access to their network. In addition the analyst develop customer facing reporting on major vulnerabilities and deliver in-depth analysis on how these vulnerabilities can impact our customer base.
Your responsibilities will include
- Apply your analytical knowledge and understanding of vulnerabilities and attack vectors to proactively surface, analyze, and investigate malware, phishing, mobile, brand, vulnerability, and threat incidents to deliver tactical vulnerability intelligence to RiskIQ’s customer base.
- Build off open source vulnerability reporting to provide customers focused intelligence via RiskIQ’s platform in the form of attack surface insights.
- Produce short form vulnerability alerts for use in customer communications, briefings, and public facing blog posts
- Leverage the RiskIQ global collection grid to deliver intelligence on emerging threats and vulnerabilities
- Enable & increase RiskIQ’s on going detection efforts by discovering unique attack attributes, building custom detection rules, and surfacing globally vulnerable internet connected assets
- Assist in training our detection models to identify malicious webpages and mitigating false positives across our detection mechanisms
- Ability to work across a cross functional and distributed team of engineers, data scientists, security researchers, and analysts to deliver new capabilities and reporting
- Minimum of 4+ years of experience in vulnerability assessment and a bachelor's degree or equivalent combination of schooling/certifications in lieu of degree
- Strong technical understanding of common network, system, and application vulnerabilities
- Strong and effective communications skills with the ability to distill down complex vulnerabilities to business impact to customers
- Highly curious, Self motivated, and Self directed individual who can operate with high level guidance
- Experience developing and deploying vulnerability detection signatures
- Experience with scripting languages (Python, Perl, Ruby, etc)
Why work at RiskIQ?
- Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ’s ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams around the world. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
- We’re a company on the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2018, including a 362.5 percent increase in net new product sales due to the steady adoption of attack surface management across the world. We also experienced a 365 percent increase in registration for RiskIQ community, our freemium entry-level product, showing the increasing role of security outside the firewall to the growth of businesses.
- Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced with a track record in technology and cybersecurity.
- Unbounded opportunity - We’re growing! At RiskIQ, you’ll be provided with as much responsibility as you can handle—new career development opportunities constantly arise given our rate of growth.
- Flexibility - You’ll have a large workload, but also the freedom to accomplish it on your own terms.