Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Responsibilities

• Research, analyze, and assess attack surface and vulnerabilitydata

• Develop tailored and actionable mitigation strategies and plans to address vulnerabilityrisk

• Work with new and emerging vulnerability data toidentifypotential attack paths in critical systems.

• Document, developand present mitigation strategiesinweb applications,databases,standalone applications, etc.

• Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation

• Provide mitigation strategies that prioritize risk against level of effort for multiple systems ororganizations

• Catalog mitigation advice, challenges, and trends and patterns

• Patchdiffing andreverse engineeringwith tools such asGhidra, IDA, etc.

• Provide subject matterexpertiseon tailored mitigations to resolve and remediate vulnerabilities on targetedtechnologies

• Work in fast-pacedstartuplikeenvironmentwith shifting priorities to handle andmaintainbalance with multiple stakeholders.

• Conduct research to assess and create software patches and configuration changes to be applied to varied software,middlewareandhardware

• Provide assessment including security, system, and business impact ofvulnerabilities

• Must be able to think ahead to avoid business outages based on the labresults

• Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, andreporting

Desired Skills

• Excellent understanding of network,systemand application security

• Experience with IDA Pro,Ghidra, or similar binary analysis tool

• Knowledge of various vulnerability scanning solutions is aplus

• Excellent written and verbal communication

• Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background

• Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigaterisk

• A solid understanding of industry best practices for Patch Management

• Specific demonstrated experience mapping business processes and comparing those processes to industry bestpractices

• Background around using or understanding of security tools would beplus

• Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems

• Thorough testing of patches in a non-production environment

• Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS

• Should havevery goodcommunication and articulationskills

• Ability and ready to learnnew technologyand should be a good teamplayer

What you get to do

Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patchingvulnerabilities