Staff Research Analyst (Vulnerability Research Team)

About The Position

Requirements

• Some experience in vulnerability management, security research, or penetration testing.
• Developing knowledge of TCP/IP and standard networking protocols, with early experience applying these concepts in network vulnerability scanning and asset discovery.
• Familiarity with common open source security software such as Nuclei, OpenVAS, or Nmap.
• Familiarity with conducting vulnerability assessments on operating systems (Windows, Linux, macOS, or Unix-based) using agent-based and network-based scanning tools.
• Knowledge of cybersecurity frameworks and vulnerability methodologies.
• Familiarity with current penetration and security assessment tools such as Metasploit, Nmap, Burp Suite, Wireshark, etc.
• Experience contributing to public vulnerability research, submitting CVEs or creating proof-of-concept exploits.

Nice To Haves

• Able to switch between research, design, prototype, and implementation.
• Proficient in Python.
• Familiar with, or eager to learn Java, Golang, C/C++ or RUST.
• Hands-on experience configuring, tuning and troubleshooting enterprise vulnerability-management platforms (e.g. Nessus, Qualys, Tenable, Rapid7) and interpreting scan-data to validate and prioritize remediation.
• Experience deploying and managing vulnerability assessment solutions (agent-based and network-based) to support compliance initiatives such as SOC 2, or CIS Benchmarks, including policy configuration, scan scheduling, and evidence generation for audits.
• Experience using cloud managed services (ideally in GCP)
• Are familiar with distributed data stores, such as BigQuery and BigTable, as well as relational databases such as PostgreSQL and MySQL.
• Familiarity with patch management processes and tools (eg.WSUS or SCCM) knowing how vulnerabilities are remediated.
• Familiarity with embedded systems, mobile platforms (eg Android and iOS).
• Knowledge of network architectures; understands subnetting and routing and how VLANs work and affect network scanning.
• Cybersecurity knowledge demonstrated with base level certifications (eg. OSCP, GPEN, or Pentest+) or willingness to obtain.

Responsibilities

• Conduct vulnerability assessment research and testing, enhance automation processes, and ensure a smooth workflow for identifying, validating and mitigating customer security risks.
• Develop and maintain a comprehensive, industry-leading repository of vulnerability content for network and endpoint based scanners to enhance detection and mitigation strategies.
• Analyze existing solutions, identify barriers to quality, recommend changes, then implement.
• Participate in architecture discussions and contribute to designing solutions that meet the needs of different Cortex teams.
• Collaborate with teams to solve problems, reduce technical debt, and evolve development practices.
• Drive technical best practices and evangelize new technologies within the engineering organization.
• Contribute to projects, help move them forward, and assist with production support.