San Francisco, CA or Remote
RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts and Fortune-500 organizations, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.
We are looking for a Vulnerability Researcher to join our team in San Francisco, Kansas City, or Remote.
The RiskIQ Research team is looking for an experienced vulnerability analyst to apply their knowledge of vulnerable systems to deliver tactical intelligence to our customer base. The successful analyst will leverage RiskIQ attack surface data to surface potential vulnerabilities systems within customers' attack surfaces that attackers could leverage as avenues of attack to gain unauthorized access to their network. In addition the analyst develops customer facing reporting on major vulnerabilities and delivers in-depth analysis on how these vulnerabilities can impact our customer base.
- Apply your analytical knowledge and understanding of vulnerabilities and attack vectors to proactively surface, analyze, and investigate malware, phishing, mobile, brand, vulnerability, and threat incidents to deliver tactical vulnerability intelligence to RiskIQ’s customer base.
- Build off open source vulnerability reporting to provide customers focused intelligence via RiskIQ’s platform in the form of attack surface insights.
- Produce short form vulnerability alerts for use in customer communications, briefings, and public facing blog posts
- Leverage the RiskIQ global collection grid to deliver intelligence on emerging threats and vulnerabilities
- Enable & increase RiskIQ’s on going detection efforts by discovering unique attack attributes, building custom detection rules, and surfacing globally vulnerable internet connected assets
- Assist in training our detection models to identify malicious webpages and mitigating false positives across our detection mechanisms
- Ability to work across a cross functional and distributed team of engineers, data scientists, security researchers, and analysts to deliver new capabilities and reporting
- Minimum of 4+ years of experience in vulnerability assessments or penetration testing
- Strong technical understanding of common network, system, and application vulnerabilities
- Strong and effective communications skills with the ability to distill down complex vulnerabilities to business impact to customers
- Highly curious, Self motivated, and Self directed individual who can operate with high level guidance
- Experience developing and deploying vulnerability detection signatures
- Experience with scripting languages (Python, Perl, Ruby, etc)
Why work at RiskIQ?
- Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ’s ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams worldwide. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
- We’re a company at the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2020 due to the steady adoption of attack surface management across the world. Our platform helped the security community respond to threats around COVID-19, the election, and SolarWinds and Microsoft Exchange vulnerabilities.
- Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced, with a track record in successful technology and cybersecurity startups.
- Unbounded opportunity - We’re growing! At RiskIQ, you’ll have as much responsibility as you can handle, and new career development opportunities constantly arise given our rate of growth.
- Flexibility - You'll have as much challenging and meaningful work as you can handle, as well as the freedom to accomplish it on your own terms.
More Information Security position highlights
- Explore open SOC Analyst Jobs
- Explore open Senior SOC Analyst Jobs
- Explore open Threat Intelligence Response Analyst Jobs
- Explore open Senior Penetration Tester Jobs
- Explore open Staff Security Engineer Jobs
- Explore open Information Security Officer Jobs
- Explore open Vulnerability Analyst Jobs
- Explore open Threat Intelligence Analyst Jobs
- Explore open Software Security Engineer Jobs
- Explore open Infrastructure Security Engineer Jobs
- Explore open Senior Information Security Engineer Jobs
- Explore open Chief Information Security Officer Jobs
- Explore open Cybersecurity Analyst Jobs
- Explore open IAM Engineer Jobs
- Explore open Sr. Software Engineer - Detection Engineering Jobs
- Explore open Computer Network Defense & Incident Response Analyst - Mid to Senior Level Jobs
- Explore open DevOps Security Engineer Jobs
- Explore open Computer Forensic Software Engineer Jobs
- Explore open Personnel Security Officer Jobs
- Explore open Senior Information Security Analyst Jobs
- Explore open Engineering Manager - Information Security, Bangalore Jobs
- Explore open Cybersecurity Engineer Jobs
- Explore open Staff Engineer, Cloud Security Jobs
- Explore open Cyber Threat Analyst Jobs
- Explore open Privacy Manager Jobs
- Explore open Clearance-related jobs
- Explore open Open Source-related jobs
- Explore open CEH-related jobs
- Explore open Forensics-related jobs
- Explore open PCI-related jobs
- Explore open IDS-related jobs
- Explore open Risk management-related jobs
- Explore open Audits-related jobs
- Explore open NIST-related jobs
- Explore open Ruby-related jobs
- Explore open Splunk-related jobs
- Explore open OSCP-related jobs
- Explore open Machine Learning-related jobs
- Explore open Google-related jobs
- Explore open IPS-related jobs
- Explore open AI-related jobs
- Explore open Encryption-related jobs
- Explore open Security assessments-related jobs
- Explore open Docker-related jobs
- Explore open PowerShell-related jobs
- Explore open DNS-related jobs
- Explore open TCP/IP-related jobs
- Explore open Unix-related jobs
- Explore open Threat detection-related jobs