Empresa:

Bitsight

Descrição da Função

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.

Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

• We invented the cyber ratings industry in 2011
• Over 3000 customers trust Bitsight
• Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

The Vulnerability Research team within Bitsight's Security Research department develops and deploys techniques to remotely detect the presence of recently disclosed vulnerabilities. These techniques are integrated into the company's Internet scanning infrastructure which enables Bitsight to measure the rate at which organizations patch and remediate vulnerabilities. This function is a critical input into Bitsight's capability to assess the effectiveness of organizational security programs as well as the ability to identify third party vulnerability exposures in organizations' digital supply chains. The team also enables a unique form of "vulnerability epidemiology" research in tracking the scale, impact, and organizational response for high-profile vulnerabilities. This role will work alongside an international team of vulnerability researchers in the research and development of new vulnerability detection and inference tools and techniques as well as the integration and operationalization of those techniques within Bitsight's telemetry collection infrastructure.

Objectives & Responsibilities

• Maintain situational awareness of newly published, high-profile vulnerabilities and contribute to the development of vulnerability intelligence tooling
• Triage open source technical reporting to assess viability of remote, network-based detection methods for new vulnerabilities in alignment with Bitsight's vulnerability prioritization framework
• Reverse engineer software and software patches to identify new detection methods
• Develop new python modules within Bitsight's Internet scanning framework to implement newly researched vulnerability detection and product fingerprinting capabilities
• Conduct peer review of teammate detection capabilities to provide feedback on potential improvements and to evaluate the intrusiveness of the capability in alignment with Bitsight's vulnerability scanning risk management framework
• Analyze Internet scan results to evaluate technique efficacy and ensure data quality of new detection capabilities
• Contribute to tooling and infrastructure that enables the team to increase the scale and efficiency capability delivery
• Collaborate with the Product Management team in the design of new vulnerability-related Bitsight product features

Qualifications:

• Broad knowledge of information security principles and network protocols
• Experience in network-based vulnerability detection capability development
• Experience in source code analysis
• Familiarity software reverse engineering and patch diffing
• Strong communication and analytical skills, including the ability to identify and solve ambiguous problems
• Ownership mindset
• Proficient in python programming

Observações

Not Specified (Portugal)