Back End Developer

About the Role:

This role will be looking for information about various kinds of security vulnerabilities, known or unknown, including zero-day vulnerabilities and enriching the CS security vulnerability detection database. The person will be required to gather the data, analyse the data, identify its criticality, and also automate tasks. He/ she will also be responsible for troubleshooting issues with current data and making enhancements.

What You'll Do:

• Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources to update existing product
• Understanding of common compliance/vulnerability classes and exploitation techniques
• Actively investigate the latest in security vulnerabilities/misconfigurations, advisories, incidents, and provide insights (sources like, Microsoft, Oracle, etc)
• Troubleshooting security vulnerability/misconfiguration issues/ gaps that arise
• Vulnerability data discovery and validation (Data efficacy & Accuracy)
• Develop, test and modify custom scripts for vulnerability/CIS content

What You'll Need:

• 6-12 years of relevant experience
• Programming/scripting knowledge for automating day to day tasks – Python/ Perl, Golang.
• Good understanding of vulnerabilities reported by various sources and their types.
• Platform knowledge (ex: Windows system concepts like registry, files, services, etc)
• In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts
• Research mindset, has a hold on where to look for relevant information pertaining to reported vulnerabilities.
• Ability to work independently and in a team environment
• Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike
• Provide influential insights across multiple teams

• Bonus Points:

• Knowledge of Configuration Assessment and Compliance domain
• Good understanding of CIS benchmarks and DISA STIGs
• Good knowledge on regulatory frameworks like CIS PCI, SOX, FISMA, HIPAA, ISO NERC, NIST etc will be an added advantage.
• Knowledge of Vulnerability/exploit research and creating signatures for the same
• Platform knowledge of one or more of non-windows (like Linux Distros, macOS)
• Prior experience working with Nessus, Qualys, Rapid 7, Tripwire etc
• Knowledge of NIST and OWASP is big plus