Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Responsibilities:
•
Research, analyze, and assess attack surface and vulnerability data
•
Develop tailored and actionable mitigation strategies and plans to address vulnerability risk
•
Work with new and emerging vulnerability data to identify potential attack paths in critical systems.
•
Document, develop and present mitigation strategies in web applications, databases, standalone applications, etc.
•
Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation
•
Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations
•
Catalog mitigation advice, challenges, and trends and patterns
•
Patch diffing and reverse engineering with tools such as Ghidra, IDA, etc.
•
Provide subject matter expertise on tailored mitigations to resolve and remediate vulnerabilities on targeted technologies
•
Work in fast-paced startup like environment with shifting priorities to handle and maintain balance with multiple stakeholders.
•
Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware
•
Provide assessment including security, system, and business impact of vulnerabilities
•
Must be able to think ahead to avoid business outages based on the lab results
•
Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting
Desired Skills:
•
Excellent understanding of network, system and application security
•
Experience with IDA Pro, Ghidra, or similar binary analysis tool
•
Knowledge of various vulnerability scanning solutions is a plus
•
Excellent written and verbal communication
•
Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background
•
Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk
•
A solid understanding of industry best practices for Patch Management
•
Specific demonstrated experience mapping business processes and comparing those processes to industry best practices
•
Background around using or understanding of security tools would be plus
•
Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems
•
Thorough testing of patches in a non-production environment
•
Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS
•
Should have very good communication and articulation skills
•
Ability and ready to learn new technology and should be a good team player
What you get to do:
Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching vulnerabilities
