SecurityScorecard's SaaS based platform enables enterprises to instantly rate and understand the security risk of companies, non-intrusively and from an outside-in perspective. We use an A-F rating scale. Companies with a C, D or F rating are 5 times more likely to be breached or face compliance penalties than companies with an A or B rating.
Our platform is used by hundreds of customers for use-cases including self monitoring, vendor risk management, cyber insurance, board reporting, and M&A. Headquartered in New York City, we are funded by top investors like Sequoia Capital, Google Ventures, NGP, Moodys, Intel, and others. Our vision is to create a new language for companies and their partners to communicate, understand, and improve each others security posture.
SecurityScorecard was founded in 2013 by two former security leaders, Dr. Aleksandr Yampolskiy and Sam Kassoumeh, who were respectively, the CISO and Head of Security and Compliance at a large e-commerce retailer, Gilt Groupe. Dr. Yampolskiy, who has a PhD in cryptography, was also the CTO of BlogTalkRadio/Cinchcast and has held lead technology and security roles at Goldman Sachs, Oracle, and Microsoft. Mr. Kassoumeh also led Global Security at Federal-Mogul and has over ten years of cybersecurity experience. Together they were perplexed at the lack of visibility into risks involved in both their own environment and those who they needed to trust with sensitive information in order to conduct business. They wanted to find a way to see what hackers see.
Can you use Open-source intelligence (OSINT) to infer the security posture of an organization? Do you find reverse-engineering malware fascinating?
Security Scorecard is looking to hire a Senior Cyber Threat Researcher. Our scores all begin with this team, and the signals we collect. This team owns the conception of novel signals to infer the security posture of organizations, their collection techniques, as well as collecting that data at scale. This role will report directly to the Head of Cyber Threat Research & Intelligence.
- Conceive novel signals that infer the security posture of organizations
- Continuously monitor the security landscape for new attack vectors
- Ingest, process, and analyze large amounts of data from various sources and in various forms
- Respond to requests for ad-hoc reporting and research topics
- Develop and refine cyber-threat intelligence collection and analysis processes
- Present relevant findings to both technical and non-technical audiences
- Plan and deliver initiatives on time and on budget
- Bias towards action. Why wait until tomorrow if something can be done today?
- Coding skills in a higher order language such as Python (must have)
- Ability to parse and process large amounts of data with data processing tools such as Spark, Hadoop, etc.
- Extensive knowledge of IP based Networking
- Extensive domain knowledge in cyber security, including the ability to speak with authority on the broad threat landscape
- Experience in malware reverse-engineering techniques
- Experience in understanding and analyzing threat actor capabilities and methodologies
- Focused on customers and their needs
- Metrics, data, and results oriented
- Experience communicating and partnering with different levels of product organizations
- Published findings (a plus)
- Solutions Focused
- Customer Centric
- One Scorecard
- Embody Security DNA
SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skillsets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
More Jobs From