Senior Software Engineer, Risks and Vulnerability Management
Ann Arbor, Michigan, United States
Security teams need an accurate inventory of their organization’s Internet-facing assets along with prioritized and actionable risk information. Censys maintains the largest, most accurate and most credible map of the Internet, and we’re using that map to discover Internet-facing assets and risks for security practitioners. Censys provides a detailed demarcation of the perimeter and identifies risks to help security practitioners defend their organizations.
We’re looking for a Risks and Vulnerability Engineer to join our engineering team. You’ll be focused on increasing our risk detection coverage and vulnerability database with common vulnerabilities and emerging threats. You will also help conduct reconnaissance to help expand our capabilities to capture and monitor internet resources for risks. You will work directly with data engineering to provide guidance on building and scaling the tools, scanning infrastructure, and frameworks used to provide risks to our Enterprise Data Sets and Attack Surface Management platform.
You’ll be directly responsible for supporting us in our ultimate mission to help organizations understand their infrastructure and security posture.
This Job is a Good Fit if You:
- Thrive in a fast paced startup environment where changes happen quickly and rapid response to emerging threats is a natural part of life.
- Enjoy diving into, breaking, and abusing protocols and systems to find risks in order to show others how to protect themselves.
- Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
- Make informed decisions by combining empirical evidence with domain expertise and good judgement
- Operate and contribute effectively as part of a team where we work together to solve problems
What You’ll Bring:
- Experience with risk and vulnerability management and the ability to create and help integrate risks into public datasets, frameworks, and APIs used by customer facing applications.
- Experience with Bug Bounty programs or internal security operations.
- Familiarity with vulnerability databases such as MITRE, OWASP, and NIST.
- A “Red Team” mentality to the data engineering and scanning team.
- You can work with your teammates to provide input on internal frameworks used to drive our risks framework.
- Ability to contribute to Python and Go codebases, preferred but not required.
- You’re willing to pair up with anybody to solve problems, with an eye towards code quality and maintainability.
- You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.
What You’ll Do:
- Work closely with data engineering to tightly integrate risks, detection of emerging threats, and other vulnerability enrichments with our datasets.
- Develop new risks for our platform and/or help integrate with 3rd party sources.
- Provide guidance about the internal tooling and mechanisms for easily designing and deriving new risks.
- Work with data engineering to integrate risks with our scanning engine in an ethical manner.
- Work with rapid response to quickly and effectively implement new risks and vulnerabilities and to be able to generate actionable insights from our data when new vulnerabilities are discovered.
- Work with PM to understand business needs and market trends, and determine how our services need to evolve to fit upcoming needs.
- Support research and the Office of the CTO to help influence our long term roadmap around risk and vulnerability management.
- Ensure we have the ability to effectively communicate about our risk framework and processes.
- Occasionally support the Customer Success and Sales Engineering teams with customer or partnership calls to provide technical expertise.
We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.
Explore more Information Security career opportunities
- Open SOC Analyst Jobs
- Open Principal Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Vulnerability Analyst Jobs
- Open Information Security Architect Jobs
- Open Senior Penetration Tester Jobs
- Open IT Security Engineer Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Software Security Engineer Jobs
- Open IAM Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Sr. Product Security Engineer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Senior Incident Response Analyst Jobs
- Open Chief Information Security Officer Jobs
- Open Cybersecurity Analyst Jobs
- Open Staff Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open Information Security Officer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Cyber Security Architect Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Cybersecurity Engineer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Kubernetes-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Open Source-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open Docker-related jobs
- Open Threat detection-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open HIPAA-related jobs
- Open Cryptography-related jobs
- Open Unix-related jobs
- Open DevSecOps-related jobs
- Open GDPR-related jobs
- Open PowerShell-related jobs