Senior Threat Researcher
SecurityScorecard is an industry-leading cybersecurity company backed by Google, Sequoia, and Riverwood. Our mission is to make the world a safer place. We measure your and your vendors' cyber-health by assigning a security rating of A through F based on outside-in, non-intrusive data. Our Comprehensive security ratings, advanced data analytics, and actionable insights discover Third-Party Vulnerabilities & Security Gaps In Real-Time.
Headquartered in NYC with over 200+ employees globally, raised over $110M USD, used by 1,000+ enterprise customers, and rating 1.5 million companies. We have created a new category of enterprise software, and our culture has helped us be recognized as one of the 10 hottest SaaS startups in NY for two years in a row.
Our vision is to create a new language for companies and their partners to communicate, understand, and improve each other’s security posture.
About the team
The Threat Research team at SecurityScorecard drives both basic and applied security research that directly and indirectly contribute to the security posture of our customers. The team is responsible for the ideation, design, refinement, analysis, and initial proof-of-concept collection for getting new and inferred security analytics into SecurityScorecard's products.
The team brings together staff with a combination of skills ranging from fundamental cyber threat intelligence gathering, software engineering, vulnerability analysis, Internet measurement, malware research, digital forensics, machine learning and data analysis, and networking and operating systems fundamentals that all together lead to the sourcing of data that can better help SecurityScorecard's customers protect their assets, understand their vendors, and educate their staff.
This team works in tandem with other teams in Cyber Threat Research and Intelligence, as well teams outside, including Data Science, Attribution, Scoring, and Data Analytics and Engineering, as well as publishes and communicates research with the outside world through conferences, partnerships, and organizations like the Cyber Threat Alliance.
What you will do
- Analyze and identify methods to track vulnerabilities and security configuration issues in external facing web applications and services
- Working with the Signals Intelligence team to reliably identify and collect at scale security issues & vulnerabilities in customer environments
- Developing novel signals that will help customers in understanding what their security issues are
- Responding to 0-day vulnerabilities and exploits, acting as a subject matter expert
- Analyzing in-the-wild exploit code in order to track, identify and create detection coverage in our security ratings platform
- Writing and publishing reports and contributing to the security research community
- 3+ years knowledge in C/C++ and assembly language
- Experience working with WinDbg or OllyDbg
- Strong familiarity with at least one low-level architecture (x86, ARM, MIPs)
- Solid understanding of TCP/IP and other networking protocols
- A deep understanding of vulnerabilities and exploits
- Ability to conduct vulnerability research through static or dynamic analysis
- 3+ years experience in at least two of the following: binary exploitation and analysis, digital forensics, network traffic analysis, and reverse engineering.
We offer a competitive salary, stock options, a comprehensive benefits package, including health and dental insurance, unlimited PTO, parental leave, tuition reimbursements, and much more!
SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skillsets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.