
Software Security Analyst I

Risk Based Security, Inc. – RICHMOND, VA, United States - Published On 12/18/18


Risk Based Security, Inc. was founded to equip organizations with security intelligence, risk management methodologies, software vulnerability research, and affordable on-demand security expertise. We are recognized as a premier security and threat intelligence firm by providing innovative, action enabling, predictive, and evidence-based risk management solutions to our clients.

We are looking to add a new Security Analyst to our Vulnerability Intelligence Team. Our Vulnerability Database offering, VulnDB, provides the most timely, highest quality, and most comprehensive vulnerability intelligence solution in the security market.

Job Responsibilities:

● Analyze product changelogs, bug reports, pull requests, commit histories, and vulnerability reports from researchers and developers to identify security issues and extract relevant information. (RBS provides data sources)

● Provide the first level of analysis and review of potential security issues, weeding out reports that do not meet criteria for inclusion in VulnDB.

● Initially pass the identified security issues up the chain for further validation and approval via basic data entry, while learning more about vulnerabilities and our processes of customer monitoring requests.

● Help maintain a database of customer product monitoring requests, their status, and ultimate disposition.

● Once fully trained, take on more responsibility for analysis, validation, and data entry through ongoing training.

What you must bring to the job:

● A basic understanding of the developer process, primarily through portals such as GitHub or SourceForge. This includes bug tickets, pull requests, commits, and software releases.

● A basic understanding of software vulnerabilities such as race conditions (TOCTTOU), SQL injection, path traversals, command injection, XSS as well as the ability to differentiate between an out-of-bounds read and a buffer overflow by reading e.g. ASAN output. This includes a firm grasp on the idea of crossing privilege boundaries and how that defines a vulnerability.

● A basic understanding of a wide variety of software such as Windows desktop software, how a CMS works, differences in privilege levels, web browsers, web browser plugins, and a solid grasp of HTML.

● Ability to commit to an agreed schedule of availability, typically 40 hours per week during mostly business hours, with some flexibility! Self-motivation and the ability to work independently, once trained. Experience working remotely with a great deal of autonomy.

● Reading comprehension, great attention to detail, and deductive reasoning are a must.

● Internet connectivity and a suitable place to work.

● Excellent communication skills and the ability to ask for help or guidance when needed.

● A desire to keep learning new things and willingness to offer new ideas for improving RBS services.

What would be great to have:

● Security industry experience, industry familiarity, or at least intellectual curiosity in the field of Information Security.

● Some software coding experience in e.g. C/C++, Java, PHP, Python, Ruby, Perl is valuable!

● Certifications such as Network+, Security+, GIAC Security Essentials, or CISSP.

● University or military course covering security principles and practices.

● Network scanning and/or web application testing skills.

● Experience running any operating system other than Microsoft Windows or Apple macOS, unless you appreciate the underlying Unix-based operating system on macOS!

What we will provide:

● Full training on where to look and what to look for, how it wraps into our service, and an understanding of high-end vulnerability intelligence solutions.

● All the necessary hand holding and availability for Q&A until you are fully proficient in your duties and feel comfortable. (Generally, within the first 100 hours)

● Encouragement and training to move beyond the entry level position.

● Flexibility on schedule and availability.


Because the position is relatively unique, and we want to be sure it is a good fit for both you and RBS, this position is initially offered as a 1099 independent contractor position. If the fit appears good, we will convert the position into a W-2 employee role with the following benefits for a full-time employee:

● Two weeks paid vacation

● Six paid Holidays

● Company-paid Life and Disability Insurance

● SIMPLE IRA Plan Eligibility with company match

● Healthcare Insurance Eligibility

● Eligible for a yearly bonus based on individual and company performance

● Security training and conference attendance for continuing education.

How to Apply

This document was retrieved from on Thu, 24 Jan 2019 03:51:25 -0500.