[Hiring] Vulnerability and Exploitation Researcher @runZero

Role Description

As a Vulnerability Researcher, you'll play a critical role in uncovering and analyzing vulnerabilities to strengthen runZero’s detection and intelligence capabilities. Your responsibilities will include:

• Researching current vulnerabilities and exploits using trusted sources, and staying up to date with threat intelligence.
• Writing root cause analyses and technical reports, clearly communicating findings to technical audiences.
• Proactively monitoring security-related information sources to discover new vulnerabilities and attack vectors.
• Applying analytical expertise to investigate malware, phishing, mobile, and brand threats, delivering actionable vulnerability intelligence.
• Assessing the impact of vulnerabilities on critical systems and advising stakeholders on remediation strategies.
• Building custom detection rules, identifying unique attack attributes, and surfacing vulnerable internet-connected assets.
• Assessing in-the-wild exploitation readiness.
• Researching and developing new exploits and attack techniques.
• Working with product and research engineers to develop vulnerability checks, fingerprints, queries, and detections.
• Collaborating with the engineering team to add findings to the codebase, ideally in Golang.

Qualifications

• Hands-on experience with common vulnerability classes and exploitation techniques.
• Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), EPSS (Exploit Prediction Scoring System).
• Experience using vulnerability and compliance scanning tools (Tenable, Rapid7, Qualys, Rockwell, and many other options).
• Solid grasp of security advisories, vulnerability exploitation, and threat impact.
• Experience collaborating with engineers on automated tooling and detection rules.
• Familiarity with Git, GitHub, CI/CD processes.
• Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Go, Python, or Ruby).
• Knowledge of regular expressions (regex) and SQL for querying large databases is a big plus.
• Experience coding in Go is a big plus.
• Presentation skills at hacker conferences is a big plus.

Requirements

• Salary Range: $150,000 - $180,000.

Benefits

• Fully remote: runZero is a 100% remote company.
• 100% of the premium platinum-level medical, vision, dental, life, and short-term disability coverage for you and your dependents.
• 401k: We match 4% of 401K contributions.
• Unlimited PTO, 11 official company holidays, and a recharge week at the end of the year.
• 12 weeks of paid parental leave.
• A culture of collaboration with a diverse team representing various backgrounds and perspectives.

Applications

runZero positions are currently restricted to the United States and the United Kingdom. All other International applications will not be considered. runZero is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status, marital status, ancestry, nationality or any other basis covered by applicable law.

We encourage under-represented applicants to apply, even if you don’t think you fit 100% of the criteria (nobody ever does)!