Listing Description
Do you want to expose and help mitigate vulnerabilities targeting power plants, water facilities, manufacturing systems, and other industrial control systems? Dragos works to discover these threats, develop innovative analytics for detection, support investigations, and incident response, and provide customers with world-class vulnerability analysis. Unlike many other teams with a broader mission, we focus solely on operational threats to industrial control networks; this gives our analysts the time and space necessary to do world-class research and intelligence on the most critical components of infrastructure.
Dragos secures civilization by providing cyber security to industrial control environments worldwide. As a Principal Vulnerability Analyst, you will evaluate control systems, operational networks, and ICS applications to measure the impact of exploits and attacks. You will then inform customers to enable decision-making and develop analytics to detect their use in operational environments.
At Dragos, we are not traditional intelligence analysts; we are hunters of evil that threatens the functions of civil society. We are dedicated to the idea that intelligence not properly communicated is not intelligence at all. We strive to identify the true and accurate impact of threats within the environment, allowing customers to properly assess the risk. If you are excited about this opportunity, please let us know!
Responsibilities:
- Monitor vulnerability sources assessing their impact and measuring severity to customer operations
- Analyze systems, networks, applications for vulnerabilities and work through disclosure processes
- Translate analysis into behavioral analytics
- Conduct trend analysis to identify patterns and particular areas of concern
- Produce reports for vulnerabilities and threat operations with on-demand analysis
Requirements:
- 5+ years analyzing vulnerabilities and exploiting code
- Demonstrated ability to quickly validate and assess a vulnerability based on description alone
- 5+ years developing, deploying, or evaluating proof-of-concept code related to vulnerabilities
- 3+ years writing customer-facing material translating technical details and informing decision-makers and operators
- 3+ years monitoring vulnerability reporting sources and triaging reports by likely impact on operations
- Demonstrated ability to appreciate a vulnerability’s impact on both IT and ICS operations with a measured understanding of the real-world effect
- An in-depth understanding of vulnerability scoring mechanisms along with their benefits and challenges
Nice to have...
- Experience with industrial control systems and their vulnerabilities
- Experience reverse engineering malware with static and dynamic tools and techniques and familiarity with malware code constructs
- Experience developing YARA, snort, and Bro signatures
- Experience working with an operations center and incident response team
- Experience with Python
Compensation:
- Base Salary: $170,000
- Base + Benefits + Equity = $275,000
- Comprehensive benefits plan (medical, dental, vision, disability, life insurance, 401K with match)
- Equity at Dragos is quickly growing and the total compensation under-represents the future growth and refresh program. This will be discussed on the first call with the Dragos recruiter.
Dragos is the Industrial Cybersecurity expert on a relentless mission to safeguard civilization. In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders around the world with the knowledge and tools to protect their systems as effectively and efficiently as possible. Founded by world-class industrial intelligence experts, Dragos has the industry’s largest team of ICS/OT practitioners who have been on the front lines of the world’s most significant industrial cyber-attacks.
Diversity, Equity, and Inclusion is a core value at Dragos, and we are passionate about building and sustaining an inclusive and equitable working environment for all. We know that every member of our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and discover, design, and deliver solutions. Not only does a Diversity, Equity, and Inclusion focus enrich our environment and teams, but it is also critical in our success as we defend adversaries all over the world. The broad range of ideas, experiences, and perspectives is critical to our success.
Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws.
Listing Details
- Salary: $170000 - $170001
- Citizenship: Not Provided
- Incentives: Stock Options
- Education: Not Provided
- Travel: No Travel
- Telework: Full Telecommute