Sr Software Engineer

Your Career

The Cortex Vulnerability Intelligence team is expanding, and we’re looking for a Software Engineer to join our team. At Xpanse, we work to make the internet a safer place for our customers. The Cortex Vulnerability Intelligence team builds the software that provides customers and internal teams vulnerability landscape context, allowing us to determine whether customer systems are vulnerable to various threats. This allows customers to prioritize and remediate critical vulnerabilities using the XSIAM platform.

Your Impact

• Design, build, and maintain software that matches customer systems to vulnerabilities (CVEs) using internal and external threat intelligence data feeds
• Build an in-depth understanding of the vulnerability intelligence landscape, including what our customers need to run successful vulnerability management programs
• Take part in architecture strategy sessions; design solutions that accommodate the requirements of the various groups across Cortex
• Collaborate with teams to solve problems, reduce technical debt, and evolve development practices - Drive technical best practices and evangelize new technologies within the engineering org
• Mentor other engineers and ensure that your team delivers high-quality output
• Take ownership of projects, drive them to completion, and support them in production

Requirements

Your Experience

• 3+ years of experience as a professional software engineer writing back end software
• Experienced and opinionated about API design and distributed backend systems - Able to switch between research, design, prototype, and implementation
• Experience using cloud managed services (ideally in GCP)
• Experience working in vulnerability management or incident response, or working closely with teams performing these functions
• Proficient in Python, Golang, and/or Java, with the ability to learn new languages as needed
• Some familiarity with common open source security software such as Nuclei, OpenVAS, and Nmap
• Strong knowledge of CVE landscape, vulnerability management workflows, patching strategies, and open source threat data (e.g., VulnCheck)
• Basic understanding how a variety of exploits work and shows skills in enumerating and selecting the correct exploit for a given system

Nice To Haves

• Cybersecurity knowledge demonstrated with base level certifications (eg OSCP, GPEN, or Pentest+) or willingness to obtain
• Familiarity with current penetration and security assessment tools such as Metasploit, Nmap, Burp Suite, Wireshark, etc.
• Knowledge of common networking protocols such as HTTP, DNS, DHCP, ARP, FTP, etc - Basic knowledge in other less common protocols such as ICS/SCADA or database protocols
• Experience contributing to open source software