Fully remote
runZero is a 100% remote company! While we aim to gather annually for kick-offs, our team thrives in the flexibility and freedom that remote work provides.
Product-market fit & customer satisfaction
Our customers love us! We have hundreds of paying customers from mid-market to very large enterprises and thousands of freemium users. Want to learn about how runZero works and how it helps our customers? You can listen to this podcast featuring our co-founder HD Moore (creator of Metasploit), hear from our customers, or experience it firsthand with our 21-day premium free trial.
Great benefits
At runZero, we prioritize the well-being of our team members. We provide platinum-level medical, vision, dental, life, and short-term disability coverage for you and your dependents. Additionally, we match 4% of 401K contributions, offer unlimited PTO, and provide equity to all employees.
Culture of collaboration
Our team is diverse, representing various backgrounds and perspectives, which fosters an inclusive and vibrant environment. With flexible schedules and supportive coworkers, runZero promotes a culture of collaboration. Learn more about life at runZero here!
The Opportunity
As a Vulnerability Researcher, you'll play a critical role in uncovering and analyzing vulnerabilities to strengthen runZero’s detection and intelligence capabilities. From researching and monitoring security threats to collaborating with engineers on developing detection rules and vulnerability checks, you'll help drive impact by proactively identifying risks and surfacing insights for our customers.
What You’ll Do
- Research current vulnerabilities and exploits using trusted sources and stay up to date with threat intelligence
- Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
- Apply analytical expertise to investigate malware, phishing, mobile, and brand threats, delivering actionable vulnerability intelligence
- Assess the impact of vulnerabilities on critical systems and advise stakeholders on remediation strategies
- Build custom detection rules, identify unique attack attributes, and surface vulnerable internet-connected assets
- Research and develop new exploits and attack techniques
- Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
- Work with engineers to develop vulnerability checks, fingerprints, queries, and detections
- Collaborate with the engineering team to add findings to the codebase, ideally in Golang
Skills You Have
- Hands-on experience with common vulnerability classes and exploitation techniques
- Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
- Experience using vulnerability and compliance scanning tools
- Solid grasp of security advisories, vulnerability exploitation, and threat impact
- Knowledge of regular expressions (regex) and SQL for querying large databases
- Experience collaborating with engineers on automated tooling and detection rules
- Familiarity with Git, GitHub, CI/CD processes
- Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python, Ruby, or Go)
- Go experience is a big plus
Salary Range
runZero values transparency in the hiring process. According to our market data, we’re expecting this role to come in at a salary of about $150,000 - $180,000. We know that the talent market is always in flux, so please let us know if you believe we have advertised this role in the wrong salary band
For more information on what it's like to work at runZero, visit our employee spotlight page!
We offer an extensive set of benefits including:
- Top of the line medical, dental, vision, life and disability coverages with runZero paying for 100% of the premium
- A stock option plan consistent with early stage, rapidly-growing startups
- A competitive salary composed of cash and equity compensation
- Unlimited PTO (We encourage everyone to take at least 25 days a year)
- 4% 401(k) matching program
Applications
runZero positions are currently restricted to the United States and the United Kingdom. All other International applications will not be considered.
runZero is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status, marital status, ancestry, nationality or any other basis covered by applicable law.
We encourage under-represented applicants to apply, even if you don’t think you fit 100% of the criteria (nobody ever does)!
Top Skills
Similar Jobs
What you need to know about the Charlotte Tech Scene
Key Facts About Charlotte Tech
- Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
- Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
- Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
- Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus
