Staff Vulnerability Researcher

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

• We invented the cyber ratings industry in 2011
• Over 3000 customers trust Bitsight
• Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

The Vulnerability Research team within Bitsight’s Security Research department develops and deploys techniques to remotely detect the presence of recently disclosed vulnerabilities.  These techniques are integrated into the company’s Internet scanning infrastructure which enables Bitsight to measure the rate at which organizations patch and remediate vulnerabilities.  This function is a critical input into Bitsight’s capability to assess the effectiveness of organizational security programs as well as the ability to identify third party vulnerability exposures in organizations’ digital supply chains.  The team also enables a unique form of “vulnerability epidemiology” research in tracking the scale, impact, and organizational response for high-profile vulnerabilities.  This role will work alongside an international team of vulnerability researchers in the research and development of new vulnerability detection and inference tools and techniques as well as the integration and operationalization of those techniques within Bitsight’s telemetry collection infrastructure.

Objectives & Responsibilities

• Research and analyze emerging threats as well as newly published, high-profile vulnerabilities and contribute to the development of vulnerability intelligence tooling

• Conduct in-depth assessments of vulnerabilities to assess viability of remote, network-based detection methods

• Reverse engineer software and software patches to identify new detection methods

• Develop plugins, tools, and techniques to implement newly researched vulnerability detection and product fingerprinting capabilities

• Drive innovation by researching and developing new tools and techniques

• Provide technical leadership on research projects to include mentoring junior researchers and providing regular updates to stakeholders

• Identify opportunities for automation and process improvement within Bitsight workflows

• Develop vulnerability detection techniques, and communicate potential techniques, and the associated risk, with senior leadership

Qualifications:

• Bachelors degree in Computer Science or related field; Master’s degree preferred

• Experience in vulnerability research, penetration testing, and exploit development

• In depth knowledge of tactics, techniques, and procedures commonly used by threat actors

• Proven track record of innovation in the field of vulnerability research

• Experience in leading technical projects and mentoring junior team members

• Broad knowledge of information security principles and network protocols

• Experience in network-based vulnerability detection capability development

• Experience in source code analysis

• Familiarity software reverse engineering and patch diffing

• Strong communication and interpersonal skills

• Strong analytical and problem solving skills and a track record of solving ambiguous problems

• Machine learning experience is a plus

• Ownership mindset

• Proficient in python programming

Diversity. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read.  Even if you don’t feel that you meet every single requirement, we still encourage you to apply.  We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.

Additional Information for United States of America Applicants:

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email recruiting@bitsight.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.