Back End Developer

About the Role : This role will be looking for information about various kinds of security vulnerabilities, known or unknown, including zero-day vulnerabilities and enriching the CS security vulnerability detection database. The person will be required to gather the data, analyse the data, identify its criticality, and also automate tasks. He / she will also be responsible for troubleshooting issues with current data and making enhancements.

What You'll Do :

Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources to update existing product

Understanding of common compliance / vulnerability classes and exploitation techniques

Actively investigate the latest in security vulnerabilities / misconfigurations, advisories, incidents, and provide insights (sources like, Microsoft, Oracle, etc)

Troubleshooting security vulnerability / misconfiguration issues / gaps that arise

Vulnerability data discovery and validation (Data efficacy & Accuracy)

Develop, test and modify custom scripts for vulnerability / CIS content

What You'll Need :

6-12 years of relevant experience

Programming / scripting knowledge for automating day to day tasks – Python / Perl, Golang.

Good understanding of vulnerabilities reported by various sources and their types.

Platform knowledge (ex : Windows system concepts like registry, files, services, etc)

In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP / IP, UDP, DNS, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts

Research mindset, has a hold on where to look for relevant information pertaining to reported vulnerabilities.

Ability to work independently and in a team environment

Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike

Provide influential insights across multiple teams

Bonus Points :

Knowledge of Configuration Assessment and Compliance domain

Good understanding of CIS benchmarks and DISA STIGs

Good knowledge on regulatory frameworks like CIS PCI, SOX, FISMA, HIPAA, ISO NERC, NIST etc will be an added advantage.

Knowledge of Vulnerability / exploit research and creating signatures for the same

Platform knowledge of one or more of non-windows (like Linux Distros, macOS)

Prior experience working with Nessus, Qualys, Rapid 7, Tripwire etc

Knowledge of NIST and OWASP is big plus