This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

VulnCheck is looking for a Senior Exploit Developer with a background in reverse engineering and exploit development. This role is on our Initial Access Intelligence team, which delivers exploits and related artifacts designed to give VulnCheck customers visibility into exploitation from exposure through execution and detection. You’ll work with a seasoned team of hackers and threat researchers to help global enterprises, governments, and intelligence firms defend against emerging threats and get ahead of the attacker curve.

This is a 100% remote role based in the United States, though we are primarily looking for candidates in Massachusetts, Maryland, and Texas.

What You’ll Do

• Reverse engineering software to discover the root cause of both zero-day and n-day vulnerabilities
• Writing original software exploits for initial access vulnerabilities using VulnCheck’s open-source go-exploit framework, including when there are no public PoCs or vulnerability details
• Implementing detections (such as Suricata & Snort signatures, YARA rules, etc.) that accurately identify initial access vulnerabilities being exploited on the wire
• Writing Attack Surface Management (ASM) queries (e.g., Shodan, Census, FOFA, & ZoomEye) to find vulnerable systems likely to be targeted
• Contributing to technical blogs and/or conference talks (optional) on exploit development and attack trends

Qualifications

• Prior experience with exploit development for RCE / initial access vulnerabilities (that do not require authentication to exploit)
• Comfort with reverse engineering and patch diffing
• Experience with Git-based project development
• Experience working on technical projects remotely, alone, and on small teams

Preferred Qualifications

• Prior cybersecurity work experience (at a vendor or in government)
• Ability to share example exploit code written
• Some experience with programming / software development is helpful
• Experience writing technical blogs and/or giving conference talks is a big plus

Benefits

• Competitive salary with employee equity program
• Health, dental, and vision coverage
• Unlimited PTO + All federal holidays observed
• 401(k) program - 100% match on the first 3%, then 50% of the next 3-5% of compensation
• Short and long-term disability coverage
• Remote friendly environment with flexibility
• Expense reimbursement for home internet and phone
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Company Description

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.