Senior Software Engineer, Risks and Vulnerability Management
Ann Arbor, Michigan, United States
Censys
Exposure Management, External Attack Surface Management, and Threat Hunting solutions powered by the most comprehensive dataset of internet intelligence.Security teams need an accurate inventory of their organization’s Internet-facing assets along with prioritized and actionable risk information. Censys maintains the largest, most accurate and most credible map of the Internet, and we’re using that map to discover Internet-facing assets and risks for security practitioners. Censys provides a detailed demarcation of the perimeter and identifies risks to help security practitioners defend their organizations.
We’re looking for a Risks and Vulnerability Engineer to join our engineering team. You’ll be focused on increasing our risk detection coverage and vulnerability database with common vulnerabilities and emerging threats. You will also help conduct reconnaissance to help expand our capabilities to capture and monitor internet resources for risks. You will work directly with data engineering to provide guidance on building and scaling the tools, scanning infrastructure, and frameworks used to provide risks to our Enterprise Data Sets and Attack Surface Management platform.
You’ll be directly responsible for supporting us in our ultimate mission to help organizations understand their infrastructure and security posture.
This Job is a Good Fit if You:
- Thrive in a fast paced startup environment where changes happen quickly and rapid response to emerging threats is a natural part of life.
- Enjoy diving into, breaking, and abusing protocols and systems to find risks in order to show others how to protect themselves.
- Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
- Make informed decisions by combining empirical evidence with domain expertise and good judgement
- Operate and contribute effectively as part of a team where we work together to solve problems
What You’ll Bring:
- Experience with risk and vulnerability management and the ability to create and help integrate risks into public datasets, frameworks, and APIs used by customer facing applications.
- Experience with Bug Bounty programs or internal security operations.
- Familiarity with vulnerability databases such as MITRE, OWASP, and NIST.
- A “Red Team” mentality to the data engineering and scanning team.
- You can work with your teammates to provide input on internal frameworks used to drive our risks framework.
- Ability to contribute to Python and Go codebases, preferred but not required.
- You’re willing to pair up with anybody to solve problems, with an eye towards code quality and maintainability.
- You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.
What You’ll Do:
- Work closely with data engineering to tightly integrate risks, detection of emerging threats, and other vulnerability enrichments with our datasets.
- Develop new risks for our platform and/or help integrate with 3rd party sources.
- Provide guidance about the internal tooling and mechanisms for easily designing and deriving new risks.
- Work with data engineering to integrate risks with our scanning engine in an ethical manner.
- Work with rapid response to quickly and effectively implement new risks and vulnerabilities and to be able to generate actionable insights from our data when new vulnerabilities are discovered.
- Work with PM to understand business needs and market trends, and determine how our services need to evolve to fit upcoming needs.
- Support research and the Office of the CTO to help influence our long term roadmap around risk and vulnerability management.
- Ensure we have the ability to effectively communicate about our risk framework and processes.
- Occasionally support the Customer Success and Sales Engineering teams with customer or partnership calls to provide technical expertise.
We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.
Tags: APIs NIST OWASP Python Red team Vulnerabilities Vulnerability management
Perks/benefits: Flex vacation
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs