Key skills
Vulnerability analysisThreat intelligenceNuclei templatesCVE familiarityVulnerability scanning toolsSQL proficiencyDevelopment toolsRegular expressionsProgramming languageTeam collaborationPythonGoSQLGitGitHubCI/CD
About this role
runZero is a company focused on transforming vulnerability management and enhancing exposure management. They are seeking a Junior Security Research Engineer to research and analyze vulnerabilities, develop detection capabilities, and contribute to the runZero platform.
Responsibilities:
- Research current vulnerabilities and exploits using trusted sources, and stay up to date with threat intelligence
- Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
- Write Nuclei templates to identify applications, misconfigured services, and vulnerable software to be leveraged by the runZero scan engine
- Research new ways to identify vulnerable devices and assets, and add those capabilities to the runZero platform
- Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
- Analyze network traffic and write network protocol parsers and probes in Go to be integrated into the runZero platform
- Stay up to date with the threat intelligence landscape to help us know what threats may be important to our customers
- Periodically contribute to research blogs and webcasts
Requirements:
- Hands-on experience with common vulnerability classes and exploitation techniques
- Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
- Experience using vulnerability and compliance scanning tools
- Solid grasp of security advisories, vulnerability exploitation, and threat impact
- Familiarity with software vulnerabilities and modern detection tools (e.g. Nuclei)
- Familiarity with SQL and querying large databases would be extremely helpful
- Proficiency with standard development tools and paradigms (Git, GitHub, CI/CD, etc.)
- A love (or at least fond tolerance) of regular expressions
- Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python or Go)
- Have an opinion, play well with others, work hard, and enjoy being a core member of a growing startup