Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
We invented the cyber ratings industry in
Over 3000 customers trust Bitsight.
Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote.
The Vulnerability Research team within Bitsight's Security Research department develops and deploys techniques to remotely detect the presence of recently disclosed vulnerabilities. These techniques are integrated into the company's Internet scanning infrastructure, enabling Bitsight to measure how organizations patch and remediate vulnerabilities. This function is critical for assessing organizational security and identifying third-party vulnerability exposures in digital supply chains. The team also conducts 'vulnerability epidemiology' research, tracking the scale, impact, and organizational response to profile vulnerabilities.
This role involves working alongside an international team of vulnerability researchers to develop new detection and inference tools, and to integrate these into Bitsight's telemetry infrastructure.
Objectives & Responsibilities
* Maintain situational awareness of newly published profile vulnerabilities and contribute to vulnerability intelligence tooling development.
* Assess open source technical reports to evaluate remote detection methods for new vulnerabilities, aligning with Bitsight's prioritization framework.
* Reverse engineer software and patches to identify new detection methods.
* Develop Python modules within Bitsight's Internet scanning framework to implement new detection capabilities.
* Conduct peer reviews of detection capabilities to improve techniques and evaluate their intrusiveness, aligning with risk management frameworks.
* Analyze scan results to evaluate technique efficacy and data quality.
* Contribute to tooling and infrastructure improvements to increase scalability and efficiency.
* Collaborate with Product Management to design new product features related to vulnerability detection.
Qualifications
* Broad knowledge of information security principles and network protocols.
* Experience in vulnerability detection capability development.
* Experience in source code analysis.
* Familiarity with software reverse engineering and patch diffing.
* Strong communication and analytical skills, with the ability to solve ambiguous problems.
* Ownership mindset.
* Proficiency in Python programming.