Senior Exploit Developer (United States)

Company Overview

VulnCheck delivers next-generation exploit and vulnerability intelligence solutions for enterprise, government, and product teams to prevent large-scale remote code execution events with better, faster exploit data, massive-scale real-time monitoring and predictively built detection artifacts. VulnCheck’s 300M+ unique data points from 500+ sources help vulnerability management and response teams outpace adversaries - autonomously. VulnCheck is an RSAC Innovation Sandbox finalist and a Black Hat Startup Spotlight finalist.

Job Summary

VulnCheck is looking for a Senior Exploit Developer with a background in reverse engineering and exploit development. This role is on our Initial Access Intelligence team, which delivers exploits and related artifacts designed to give VulnCheck customers visibility into exploitation from exposure through execution and detection. You’ll work with a seasoned team of hackers and threat researchers to help global enterprises, governments, and intelligence firms defend against emerging threats and get ahead of the attacker curve. 

While initial access vulnerabilities are our main focus area, you’ll also have the opportunity to work on a variety of local and other exploits, as well as our open-source go-exploit framework.

Location

This is a 100% remote role based in the United States, though we are primarily looking for candidates in Massachusetts, Maryland, and Texas.

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. 

You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. At VulnCheck, you’ll get to:

• Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside top domain experts in the field.
• Shape the industry: Influence how vulnerabilities are discovered, classified, scored, mapped, exploited, discussed, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
• Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
• Innovate and explore: Conduct novel vulnerability research and develop tools that highlight risk in unexpected places, sharing your findings with others to educate and inspire.

Key Responsibilities

• Reverse engineering software to discover the root cause of both zero-day and n-day vulnerabilities
• Writing original software exploits for initial access vulnerabilities using VulnCheck’s open-source go-exploit framework, including when there are no public PoCs or vulnerability details
• Implementing detections (such as Suricata & Snort signatures, YARA rules, etc.) that accurately identify initial access vulnerabilities being exploited on the wire
• Writing Attack Surface Management (ASM) queries (e.g., Shodan, Census, FOFA, & ZoomEye) to find vulnerable systems likely to be targeted
• Contributing to technical blogs and/or conference talks (optional) on exploit development and attack trends

Required Qualifications

• Prior experience with exploit development for RCE / initial access vulnerabilities (that do not require authentication to exploit)
• Comfort with reverse engineering and patch diffing
• Experience with Git-based project development 
• Experience working on technical projects remotely, alone, and on small teams

Preferred Qualifications

• Prior cybersecurity work experience (at a vendor or in government)
• Ability to share example exploit code written
• Some experience with programming / software development is helpful
• Experience writing technical blogs and/or giving conference talks is a big plus

Benefits

• Competitive compensation package.
• Flexible work arrangements with the option to work remotely 100% of the time.
• Dynamic work environment with opportunities for growth and advancement.
• Access to continuous learning and development programs.

Ready to move from enabling the ecosystem to leading its evolution? Apply now and help us protect what matters most!