RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

We are looking for a Penetration Tester to join our team in San Francisco, Kansas City, or remote.

Role Overview

The RiskIQ Research team is looking for an experienced Penetration Tester who is interested in applying their knowledge set in a unique way to assist RiskIQ customers in better defending their attack surface. The qualified candidate will develop analysis and detection capabilities that provide our customers with unique insights into how Pen Testers leverage open source discovery tools to surface vulnerabilities in corporate networks that can be used as potential attack vectors.

Your responsibilities will include

● Leverage the RiskIQ global collection grid to deliver tactical intelligence to our customers around common avenues of attack utilized by Penetration Testers to breach corporate networks

● Develop customer detections and rules to surface common attack vectors and vulnerabilities used to breach a network inside of customers' Digital Footprint

● Assist customers in prioritizing the most common avenues of attack and the suggested remediation efforts organizations can take

● Develop customer signatures and detections to surface previously unknown vulnerabilities or new avenues of attack based on RiskIQ collection

● Build off open source vulnerability reporting to provide customers focused intelligence via RiskIQ’s platform in the form of attack surface insights.

● Produce short form vulnerability alerts for use in customer communications, briefings, and public facing blog posts

● Enable & increase RiskIQ’s ongoing detection efforts by discovering unique attack attributes, building custom detection rules, and surfacing globally vulnerable internet-connected assets

● Assist in training our detection models to identify malicious webpages and mitigating false positives across our detection mechanisms

● Ability to work across a cross-functional and distributed team of engineers, data scientists, security researchers, and analysts to deliver new capabilities and reporting



Requirements

● 4+ years of experience conducting penetration testing activities on networks, web applications, mobile applications, and API-based systems

● Proficient in a programming or scripting language such as Java, Python, Perl, etc.

● Experience with commercial and open source vulnerability / penetration testing tools

● Strong technical understanding of common network, system, and application vulnerabilities

● Strong and effective communication skills, with the ability to distill complex vulnerabilities down to business impact for customers

● Highly curious, self-motivated, and self-directed individual who can operate with high-level guidance

Desired Experience

● Active penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN

Why work at RiskIQ?