BitSight is transforming how companies manage information security risk with objective, verifiable and actionable Security Ratings. BitSight’s platform continuously analyzes vast amounts of external data on security issues and behaviors in order to help organizations manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Fifty percent of the world’s cyber insurance premiums are underwritten by BitSight customers, all 4 of the Big 4 accounting firms use BitSight, and 4 of the top 5 investment banks rely on our solution to manage cyber risks.

You will be a member of the BitSight security data research team. The main goals of the team is to provide BitSight with subject matter expertise in cyber security, and is focused primarily on the analysis of new data inputs, vulnerabilities, and supporting the threat research efforts.

More particularly, you will lead a team of vulnerability researchers within the security research team with the mission of timely and accurately identifying vulnerabilities and vulnerable software assets across the Internet, using our Internet scanning platform.  

Primary Duties:

• Help BitSight maintain the most accurate and up-to-date global visibility on new vulnerabilities and software fingerprints;
• Manage a team of vulnerability researchers with the objective of adding new software fingerprints and vulnerability checks into our Internet scanning platform;
• Help BitSight maintain global visibility over the current threat landscape;

Operational Duties:

• Keep up with newly published vulnerabilities;
• Manage members of the vulnerability research team, reviewing their work, including code and results produced;
• Identify bottlenecks and propose changes to the vulnerability research process;
• Understand the technical details of the published vulnerabilities as well as their real risk;
• Build scripts and software modules to verify the presence of vulnerabilities;
• Effectively communicate the vulnerability impact;
• Reverse-engineer vulnerability patches in order to better understand certain vulnerabilities;
• Assist in analyzing data from internet scanning tools in order to validate its accuracy;
• Assist in the development of tools to improve vulnerability or threat research.

Experience, Skills and Knowledge:

• Fast learner and motivated.
• Experience managing small teams spanning multiple time zones and locations;
• Previous experience in leading security audits or vulnerability research projects;
• Must be particularly interested in cybersecurity;
• BSc or MSc is desirable;
• Comfortable working in Windows, OS X, Linux and Android environments;
• Technical knowledge of network protocols and security concepts;
• Comfortable with at least one programming language, ideally Python.

What we offer:

• Great company - BitSight pioneered the market and the Security Rating is becoming increasingly important worldwide as the standard,
• Good work environment and perks;
• Very knowledgeable and helpful team;

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.  This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.  If you are resident of Colorado, please email us at [email protected] to receive compensation and benefits information for this role.