Security Research Engineer

As a Security Research Engineer, you will help convert security research into happy customers. You’ll be responsible for digging deep into network protocols and device threat surfaces to identify devices and services for the runZero platform. You'll be responsible for enhancing overall coverage by creating and updating asset and service fingerprints. Delving into the scanner code (we use Go), you'll address bugs, explore intriguing devices, and investigate vulnerabilities, pioneering new scanning techniques and fingerprinting methods through research and development. Beyond technical aspects, you'll contribute to the continuous improvement of runZero by writing engaging content for the blog, sharing in-depth research findings, and tactical posts for customer value, and collaborating closely with the engineering team. This dynamic role also involves active participation in planning discussions and occasional contributions to the development of new features and bug fixes.

What you’ll do:

• Add or improve 15+ customer-facing fingerprints per week through writing/updating regular expressions (regex) in XML files and writing Golang code
• Investigate and resolve 5+ customer issues per week, using standard network analysis tools (Wireshark, etc.) as appropriate
• Participate in the development and delivery of a customer-facing feature 1 release cycle per quarter, using standard developer tools and processes (Git, issue tracking, testing, code reviews)
• Fix 1+ bugs per release cycle, and create new issues (bugs, features) when appropriate.
• Keep up with the threat intelligence landscape, to know when new threats might be important to our customers
• Periodically contribute to research and blog posts
• In addition to the engineering team, regularly communicate and collaborate with peers across the company to learn and support our product and sales operations

Skills you have:

• You are proficient at writing advanced Go and working with large Go codebases.
• You have a good understanding of modern networking protocols and network analysis tools (e.g. Wireshark).
• You have experience with vulnerability discovery and/or threat intelligence, and a passion for information security.
• You have a love (or at least tolerable fondness) for regular expressions.
• You want to figure out how things work “behind the scenes.”
• You are comfortable working with Linux systems.

Salary range:

runZero values transparency in the hiring process. According to our market data, we’re expecting this role to come in at a salary of about $100k - $130k, plus stock options. We know that the talent market is always in flux, so please let us know if you believe we have advertised this role in the wrong salary band.

Benefits

• Top of the line medical, dental, vision, life and disability coverages with runZero paying for 99% of the premium
• A stock option plan consistent with early stage, rapidly-growing startups
• A competitive salary composed of cash and equity compensation
• A flexible vacation policy
• 401(k) matching program

Applications

runZero positions are currently restricted to the United States. International applications will not be considered.

runZero is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status, marital status, ancestry, nationality or any other basis covered by applicable law.