Senior Software Engineer, Risks and Vulnerability Management

Security teams need an accurate inventory of their organization’s Internet-facing assets along with prioritized and actionable risk information. Censys maintains the largest, most accurate and most credible map of the Internet, and we’re using that map to discover Internet-facing assets and risks for security practitioners. Censys provides a detailed demarcation of the perimeter and identifies risks to help security practitioners defend their organizations.

We’re looking for a Risks and Vulnerability Engineer to join our engineering team. You’ll be focused on increasing our risk detection coverage and vulnerability database with common vulnerabilities and emerging threats. You will also help conduct reconnaissance to help expand our capabilities to capture and monitor internet resources for risks. You will work directly with data engineering to provide guidance on building and scaling the tools, scanning infrastructure, and frameworks used to provide risks to our Enterprise Data Sets and Attack Surface Management platform. 

You’ll be directly responsible for supporting us in our ultimate mission to help organizations understand their infrastructure and security posture.

This Job is a Good Fit if You:

• Thrive in a fast paced startup environment where changes happen quickly and rapid response to emerging threats is a natural part of life.
• Enjoy diving into, breaking, and abusing protocols and systems to find risks in order to show others how to protect themselves.
• Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
• Make informed decisions by combining empirical evidence with domain expertise and good judgement
• Operate and contribute effectively as part of a team where we work together to solve problems

What You’ll Bring:

• Experience with risk and vulnerability management and the ability to create and help integrate risks into public datasets, frameworks, and APIs used by customer facing applications.
• Experience with Bug Bounty programs or internal security operations.
• Familiarity with vulnerability databases such as MITRE, OWASP, and NIST.
• A “Red Team” mentality to the data engineering and scanning team.
• You can work with your teammates to provide input on internal frameworks used to drive our risks framework. 
• Ability to contribute to Python and Go codebases, preferred but not required.
• You’re willing to pair up with anybody to solve problems, with an eye towards code quality and maintainability.
• You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.

What You’ll Do:

• Work closely with data engineering to tightly integrate risks, detection of emerging threats, and other vulnerability enrichments with our datasets.
• Develop new risks for our platform and/or help integrate with 3rd party sources.
• Provide guidance about the internal tooling and mechanisms for easily designing and deriving new risks.
• Work with data engineering to integrate risks with our scanning engine in an ethical manner.
• Work with rapid response to quickly and effectively implement new risks and vulnerabilities and to be able to generate actionable insights from our data when new vulnerabilities are discovered.
• Work with PM to understand business needs and market trends, and determine how our services need to evolve to fit upcoming needs.
• Support research and the Office of the CTO to help influence our long term roadmap around risk and vulnerability management.
• Ensure we have the ability to effectively communicate about our risk framework and processes.
• Occasionally support the Customer Success and Sales Engineering teams with customer or partnership calls to provide technical expertise.

We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.