Junior Security Research Engineer
RunZero
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About runZero
At runZero, we're a team of dreamers and creative thinkers who aren't afraid to shake up the status quo. Fixing what’s broken with legacy vulnerability management and overcoming persistent, decades-old problems requires a new approach.
Our platform provides a single source of truth for exposure management across the total attack surface. Without requiring agents, authentication, or appliances, runZero delivers the most complete and accurate visibility into every asset and exposure across internal, external, IT, OT, IoT, mobile, and cloud environments — including uncovering unknown and unmanageable devices and broad classes of exposures that evade traditional tools.
Founded by HD Moore (creator of Metasploit), runZero is trusted by more than 500 companies and 30,000 users worldwide to find and mitigate risks faster, meet compliance requirements, and improve overall security. See for yourself with a free trial!
The Role: Junior Security Research Engineer
We are growing the runZero Research team and searching for a Junior Security Research Engineer to help develop the runZero product. Our research team works to convert cutting-edge security research into happy customers. As a member of the research team, you'll play a critical role in uncovering and analyzing vulnerabilities to strengthen runZero’s detection and intelligence capabilities. You will be working as part of a team focused on building and supporting a state-of-the-art asset and exposure management platform.
Key Responsibilities
- Research current vulnerabilities and exploits using trusted sources, and stay up to date with threat intelligence
- Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
- Write Nuclei templates to identify applications, misconfigured services, and vulnerable software to be leveraged by the runZero scan engine
- Research new ways to identify vulnerable devices and assets, and add those capabilities to the runZero platform
- Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
- Analyze network traffic and write network protocol parsers and probes in Go to be integrated into the runZero platform
- Stay up to date with the threat intelligence landscape to help us know what threats may be important to our customers
- Periodically contribute to research blogs and webcasts
Required Skills & Experience
- Hands-on experience with common vulnerability classes and exploitation techniques
- Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
- Experience using vulnerability and compliance scanning tools
- Solid grasp of security advisories, vulnerability exploitation, and threat impact
- Familiarity with software vulnerabilities and modern detection tools (e.g. Nuclei)
- Familiarity with SQL and querying large databases would be extremely helpful
- Proficiency with standard development tools and paradigms (Git, GitHub, CI/CD, etc.)
- A love (or at least fond tolerance) of regular expressions
- Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python or Go)
- Have an opinion, play well with others, work hard, and enjoy being a core member of a growing startup
What runZero Offers
- Fully remote: runZero is a 100% remote company, offering flexibility and freedom.
- Benefits: We pay for 100% of the premium platinum-level medical, vision, dental, life, and short-term disability coverage for you and your dependents.
- 401k: We match 4% of 401K contributions.
- Time off: We offer unlimited PTO, 11 official company holidays, and a recharge week.
- Paid parental leave: We offer 12 weeks of paid parental leave.
- Culture of collaboration: Our diverse team fosters an inclusive and vibrant environment with flexible schedules and supportive coworkers.
Interview Process
- Initial one-on-one interviews with a recruiter and manager
- Panel interviews with the team
- Candidate challenge – a role-specific challenge to showcase your strengths
- A final interview, conducted either remotely or in-person
Key skills/competency
- Vulnerability Research
- Threat Intelligence
- Nuclei Templating
- Network Protocol Analysis
- Go Programming
- Exploit Analysis
- Security Advisories
- Asset Identification
- Exposure Management
- Git
How to Get Hired at RunZero
- Research runZero's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume: Highlight experience with vulnerability research, Go/Python, Nuclei, and exposure management.
- Showcase security knowledge: Prepare to discuss CVE, CWE, CVSS frameworks, and common exploitation techniques.
- Practice technical challenges: Expect a role-specific exercise to demonstrate practical coding and analysis skills.
- Engage with the team: Be ready for collaborative discussions on threat intelligence and innovative security solutions.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background