Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Responsibilities
:
Research, analyze, and assess attack surface and vulnerability
data
Develop tailored and actionable mitigation strategies and plans to address vulnerability
risk
Work with new and emerging vulnerability data to
identify
potential attack paths in critical systems.
Document
, develop
and present mitigation strategies
in
web applications
,
databases,
standalone applications, etc.
Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation
Provide mitigation strategies that prioritize risk against level of effort for multiple systems or
organizations
Catalog mitigation advice, challenges, and trends and patterns
Patch
diffing and
r
everse engineering
with tools such as
Ghidra
, IDA, etc.
Provide subject matter
expertise
on tailored mitigations to resolve and remediate vulnerabilities on targeted
technologies
W
ork in fast-paced
startup
like
environment
with shifting priorities to handle and
maintain
balance with multiple stakeholders.
Conduct research to assess and create software patches and configuration changes to be applied to varied software,
middleware
and
hardware
Provide assessment including security, system, and business impact of
vulnerabilities
Must be able to think ahead to avoid business outages based on the lab
results
Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and
reporting
Desired Skills
:
Excellent understanding of network,
system
and application security
Experience with IDA Pro,
Ghidra
, or similar binary analysis tool
Knowledge of various vulnerability scanning solutions is a
plus
Excellent written and verbal communication
Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background
S
ecure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate
risk
A solid understanding of industry best practices for Patch Management
Specific demonstrated experience mapping business processes and comparing those processes to industry best
practices
Background around using or understanding of security tools would be
plus
Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems
Thorough testing of patches in a non-production environment
Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS
Should have
very good
communication and articulation
skills
Ability and ready to learn
new technology
and should be a good team
player
What you get to do
:
Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching
vulnerabilitie
s
