Vulnerability Analyst

San Francisco, CA or Remote

RiskIQ logo
Apply now Apply later

Posted 4 weeks ago

RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts and Fortune-500 organizations, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

We are looking for a Vulnerability Researcher to join our team in San Francisco, Kansas City, or Remote. 

Role Overview

The RiskIQ Research team is looking for an experienced vulnerability analyst to apply their knowledge of vulnerable systems to deliver tactical intelligence to our customer base. The successful analyst will leverage RiskIQ attack surface data to surface potential vulnerabilities systems within customers' attack surfaces that attackers could leverage as avenues of attack to gain unauthorized access to their network.  In addition the analyst develops customer facing reporting on major vulnerabilities and delivers in-depth analysis on how these vulnerabilities can impact our customer base.


  • Apply your analytical knowledge and understanding of vulnerabilities and attack vectors to proactively surface, analyze, and investigate malware, phishing, mobile, brand, vulnerability, and threat incidents to deliver tactical vulnerability intelligence to RiskIQ’s customer base.
  • Build off open source vulnerability reporting to provide customers focused intelligence via RiskIQ’s platform in the form of attack surface insights.
  • Produce short form vulnerability alerts for use in customer communications, briefings, and public facing blog posts
  • Leverage the RiskIQ global collection grid to deliver intelligence on emerging threats and vulnerabilities
  • Enable & increase RiskIQ’s on going detection efforts by discovering unique attack attributes, building custom detection rules, and surfacing globally vulnerable internet connected assets
  • Assist in training our detection models to identify malicious webpages and mitigating false positives across our detection mechanisms
  • Ability to work across a cross functional and distributed team of engineers, data scientists, security researchers, and analysts to deliver new capabilities and reporting 


  • Minimum of 4+ years of experience in vulnerability assessments or penetration testing
  • Strong technical understanding of common network, system, and application vulnerabilities
  • Strong and effective communications skills with the ability to distill down complex vulnerabilities to business impact to customers
  • Highly curious, Self motivated, and Self directed individual who can operate with high level guidance 

Desired Experience

  • Experience developing and deploying vulnerability detection signatures
  • Experience with scripting languages (Python, Perl, Ruby, etc)

Why work at RiskIQ?

  • Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ’s ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams worldwide. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
  • We’re a company at the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2020 due to the steady adoption of attack surface management across the world. Our platform helped the security community respond to threats around COVID-19, the election, and SolarWinds and Microsoft Exchange vulnerabilities. 
  • Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced, with a track record in successful technology and cybersecurity startups. 
  • Unbounded opportunity - We’re growing! At RiskIQ, you’ll have as much responsibility as you can handle, and new career development opportunities constantly arise given our rate of growth.
  • Flexibility - You'll have as much challenging and meaningful work as you can handle, as well as the freedom to accomplish it on your own terms.
Job tags: Analytics Firewall Malware Open Source Penetration testing Perl Python Ruby Vulnerabilities
Job region(s): North America Remote/Anywhere
Job stats:  60  7  0
  • Share this job via
  • or

More Information Security position highlights