Censys knows the internet and cloud better than anyone else. Attack Surface Management provides customers with an attacker-centric view of all externally facing internet and cloud to extend visibility, prioritize, and remediate the most critical risk exposures that will actually lead to a breach. Our daily IPv4 scans and the world’s largest SSL/TLS Certificate database enables customers with the most accurate and continuously updated attack surfaces. Enterprise security teams leverage Censys to keep pace with the speed of the business and gain an advantage on the rapidly evolving cyber-attack threats.

Role Summary:

We’re looking for a Risks and Vulnerability Engineer to join our engineering team. You’ll be focused on increasing our risk detection coverage and vulnerability database with common vulnerabilities and emerging threats. You will also help conduct reconnaissance to help expand our capabilities to capture and monitor internet resources for risks. You will work directly with data engineering to provide guidance on building and scaling the tools, scanning infrastructure, and frameworks used to provide risks to our Enterprise Data Sets and Attack Surface Management platform. 

You’ll be directly responsible for supporting us in our ultimate mission to help organizations understand their infrastructure and security posture.

Role Responsibilities:

• Work closely with data engineering to tightly integrate risks, detection of emerging threats, and other vulnerability enrichments with our datasets.
• Develop new risks for our platform and/or help integrate with 3rd party sources.
• Provide guidance about the internal tooling and mechanisms for easily designing and deriving new risks.
• Work with data engineering to integrate risks with our scanning engine in an ethical manner.
• Work with rapid response to quickly and effectively implement new risks and vulnerabilities and to be able to generate actionable insights from our data when new vulnerabilities are discovered.
• Work with PM to understand business needs and market trends, and determine how our services need to evolve to fit upcoming needs.
• Support research and the Office of the CTO to help influence our long term roadmap around risk and vulnerability management.
• Ensure we have the ability to effectively communicate about our risk framework and processes.
• Occasionally support the Customer Success and Sales Engineering teams with customer or partnership calls to provide technical expertise.

Required Qualifications:

• Experience with risk and vulnerability management and the ability to create and help integrate risks into public datasets, frameworks, and APIs used by customer facing applications.
• Experience with Bug Bounty programs or internal security operations.
• Familiarity with vulnerability databases such as MITRE, OWASP, and NIST.
• A “Red Team” mentality to the data engineering and scanning team.
• You can work with your teammates to provide input on internal frameworks used to drive our risks framework. 
• Ability to contribute to Python and Go codebases, preferred but not required.
• You’re willing to pair up with anybody to solve problems, with an eye towards code quality and maintainability.
• You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.
• Thrive in a fast paced startup environment where changes happen quickly and rapid response to emerging threats is a natural part of life.
• Enjoy diving into, breaking, and abusing protocols and systems to find risks in order to show others how to protect themselves.
• Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
• Make informed decisions by combining empirical evidence with domain expertise and good judgement
• Operate and contribute effectively as part of a team where we work together to solve problems

Our target salary range for this role is between $134,000 USD and $180,000 USD bonus eligibility and equity.

Our roots are in Ann Arbor, Michigan with location hubs in Seattle, the Bay Area, Washington D.C., and Dublin, Ireland. Our innovation is fueled by the team’s global perspectives and diverse backgrounds. 

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they feel they meet every qualification. At Censys we are dedicated to building a diverse, inclusive, and authentic workplace - so if you're excited about this role but your past experience doesn't align perfectly with every listed requirement in the job description, we encourage you to apply anyways. You may be exactly who we need to fill this role or others! 

We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.