What we do

At runZero, we're a team of dreamers and creative thinkers who aren't afraid to shake up the status quo. Fixing what’s broken with legacy vulnerability management and overcoming persistent, decades-old problems requires a new approach.

Our platform provides a single source of truth for exposure management across the total attack surface. Without requiring agents, authentication, or appliances, runZero delivers the most complete and accurate visibility into every asset and exposure across internal, external, IT, OT, IoT, mobile, and cloud environments — including uncovering unknown and unmanageable devices and broad classes of exposures that evade traditional tools.

Founded by HD Moore (creator of Metasploit), runZero is trusted by more than 500 companies and 30,000 users worldwide to find and mitigate risks faster, meet compliance requirements, and improve overall security. See for yourself with a free trial!

Role

We are growing the runZero Research team and searching for a Jr. Research Engineer to help develop the runZero product. Our research team works to convert cutting-edge security research into happy customers. As a member of the research team, you'll play a critical role in uncovering and analyzing vulnerabilities to strengthen runZero’s detection and intelligence capabilities. You will be working as part of a team focused on building and supporting a state-of-the-art asset and exposure management platform.

Responsibilities

Research current vulnerabilities and exploits using trusted sources, and stay up to date with threat intelligence
Proactively monitor security-related information sources to discover new vulnerabilities and attack vectors
Write Nuclei templates to identify applications, misconfigured services, and vulnerable software to be leveraged by the runZero scan engine
Research new ways to identify vulnerable devices and assets, and add those capabilities to the runZero platform
Produce root cause analyses and technical reports, clearly communicating findings to both technical and non-technical audiences
Analyze network traffic and write network protocol parsers and probes in Go to be integrated into the runZero platform
Stay up to date with the threat intelligence landscape to help us know what threats may be important to our customers
Periodically contribute to research blogs and webcasts

Requirements

Hands-on experience with common vulnerability classes and exploitation techniques
Familiarity with CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), and CVSS (Common Vulnerability Scoring System)
Experience using vulnerability and compliance scanning tools
Solid grasp of security advisories, vulnerability exploitation, and threat impact
Familiarity with software vulnerabilities and modern detection tools (e.g. Nuclei)
Familiarity with SQL and querying large databases would be extremely helpful
Proficiency with standard development tools and paradigms (Git, GitHub, CI/CD, etc.)
A love (or at least fond tolerance) of regular expressions
Familiarity with at least one programming language and the ability to use it to automate tasks (e.g. Python or Go)
Have an opinion, play well with others, work hard, and enjoy being a core member of a growing startup

Salary Range

runZero values transparency in the hiring process. According to our market data, we’re expecting this role to come in at a salary of about $95,248 GBP, plus stock options. We know that the talent market is always in flux, so please let us know if you believe we have advertised this role at the wrong salary band.

For more information on what it's like to work at runZero, please visit our employee spotlight page!

Interview process

We value your time and see the interview process as a critical two-way street, allowing us to assess your skills, strengths, and cultural fit while simultaneously providing you with a clear understanding of our company, our ways of working, and the expectations specific to the role you’re seeking. To this end, our interview process incorporates a combination of:

Initial one-on-one interviews with a recruiter and manager
Panel interviews with the team
Candidate challenge - a role-specific challenge designed for you to showcase your strengths and allow us to assess your skills in a hands-on exercise
A final interview, conducted either remotely or in-person if we haven't yet met face-to-face in previous rounds

How we take care of you

🏡 Fully remote: runZero is a 100% remote company! While we aim to gather annually for kick-offs, our team thrives in the flexibility and freedom that remote work provides.
🥕 Benefits: We prioritize the well-being of our team members, which is why runZero pays for 100% of the premium platinum-level medical, vision, dental, life, and short-term disability coverage for you and your dependents.

🔐 401k: We match 4% of 401K contributions
🏝️ Time off: We offer unlimited PTO, 11 official company holidays, and a recharge week at the end of the year

🍼 Paid parental leave: We offer 12 weeks of paid parental leave
🎉 Culture of collaboration: Our team is diverse, representing various backgrounds and perspectives, which fosters an inclusive and vibrant environment. With flexible schedules and supportive coworkers who listen to one another, runZero promotes a culture of collaboration.
And more!

For more information on what it's like to work at runZero, please visit our employee spotlight page!

Applications

runZero positions are currently restricted to the United States and the United Kingdom. All other International applications will not be considered.

runZero is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status, marital status, ancestry, nationality or any other basis covered by applicable law.

We encourage under-represented applicants to apply, even if you don’t think you fit 100% of the criteria (nobody ever does)!

Junior Security Research Engineer (Remote)

AI overview