Manager, Vulnerability Research

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

• We invented the cyber ratings industry in 2011
• Over 3000 customers trust Bitsight
• Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, Argentina, and remote

The Vulnerability Research team within Bitsight's Security Research department develops and deploys techniques to remotely detect the presence of recently disclosed vulnerabilities. These techniques are integrated into the company's Internet scanning infrastructure which enables Bitsight to measure the rate at which organizations patch and remediate vulnerabilities. The team also enables a unique form of "vulnerability epidemiology" research in tracking the scale, impact, and organizational response for high-profile vulnerabilities. This management position will be responsible for the development and operation of a world-class global Internet vulnerability tracking system. The role will lead an international team of researchers tasked with developing safe and responsible remote network detection capabilities for recently disclosed vulnerabilities, as well as vulnerability inference techniques based on precision software fingerprinting.

Objectives & Responsibilities

• Own the functional area of vulnerability data at Bitsight and advocate for its effective implementation in platform improvements and product features with Product Management and Engineering stakeholders

• Establish team priorities for research and development of new vulnerability intelligence collection and analysis capabilities

• Evaluate, align, and escalate vulnerability detection capabilities within Bitsight's established risk assessment framework

• Identify and champion Internet scanning platform improvements to support new vulnerability detection methods

• Communicate timelines and expectations for high-priority vulnerability detection capabilities

• Develop, drive, and own processes for quality assurance of vulnerability detection techniques

• Recruit, train, and develop an international team of vulnerability researchers of diverse backgrounds and skill sets

• Collaborate with the product and engineering organizations to align capability development roadmaps and complete technology transfer of vulnerability research prototypes into production environments

Qualifications

• Expertise in network-based vulnerability detection capability development

• Hands on experience with software reverse engineering and patch diffing

• Demonstrated experience in security research people management

• Strong communication and analytical skills, including the ability to identify and solve ambiguous problems

• Ownership mindset

• Proficient in python programming

Education

B.S in Computer Science or similar field or commensurate experience.

Diversity. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Bitsight's mission and can contribute to our team in a variety of ways.

Additional Information for United States of America Applicants:

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email . This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.

The anticipated hiring base salary range for this position is US$170,000 to $200,000 annually for US-based employees. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations, is based on a full-time work schedule, and is Bitsight's good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.In addition to base salary, this role is eligible for participation in a bonus or commission plan and an equity grant. Bitsight also offers a competitive benefits package, including but not but limited to medical, dental, and vision insurance; paid parental leave; flexible time off; a 401(k) plan with employee and company contribution opportunities; life and disability insurance; and tuition reimbursement.