Senior Engineering Manager

We are seeking a highly skilled and experienced Senior Manager, Research & Development  to head our efforts in researching digital threats and developing cutting-edge defense mechanisms.

Job Overview: As the Research & Development Manager, you will play a critical role in safeguarding our clients’ digital infrastructure. You will manage a team of junior researchers, drive the identification and analysis of emerging threats, and ensure our scanning products are equipped with the most effective defense strategies. Your success will be measured by your ability to respond swiftly to new threats and maintain comprehensive threat coverage in our products.

Key Responsibilities:

• Research Leadership: Lead the research and analysis of current and emerging digital threats, identifying vulnerabilities and devising defensive strategies for our cybersecurity scanning products.
• Team Management: Oversee and mentor junior R&D personnel, guiding their research efforts and ensuring their work aligns with the company’s strategic goals.
• Threat Detection: Continuously monitor and assess the threat landscape to ensure our products remain effective against the latest cybersecurity threats.
• Threat Response: Develop rapid response strategies to new threats, ensuring timely updates to our scanning products.
• Vulnerability Analysis: Conduct in-depth vulnerability assessments, including the creation of custom network vulnerability checks and validation techniques.
• Collaboration: Work closely with product development teams to integrate research findings into product enhancements and new feature development.
• Technical Writing: Produce high-quality technical documentation, including research papers, vulnerability reports, and user guides, that translates complex concepts into accessible content.
• Innovation: Drive the innovation of new techniques for threat detection, vulnerability analysis, and defensive strategies, ensuring our products are always ahead of the curve.
• Threat Intelligence: Utilize common threat intelligence models such as MITRE ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain to enhance threat detection capabilities.
• Industry Engagement: Stay up to date with industry trends, participate in cybersecurity forums, and contribute to the broader cybersecurity community through research publications and presentations.

Qualifications:

• A degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.
• A minimum of 5 years of substantial experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment.
• In-depth understanding of attack surface management, including asset discovery, service fingerprinting, enumeration, and vulnerability scanning.
• Extensive experience with tools such as Tenable, Rapid7, Qualys, or Nuclei for creating and validating network vulnerability checks.
• Experience with Internet-scale scanning and discovery.
• Strong grasp of cybersecurity principles, attack trajectories, and vulnerability analysis techniques.
• Demonstrable experience in researching and analyzing new cyber threats across various industries and timeframes.
• Proven ability to deploy vulnerable infrastructure in a lab environment for threat analysis.
• Experience authoring signatures and checks for vulnerability identification.
• Practical experience with recon and security testing tools such as NMap, Zmap, Burp, Zap, Amass, and Subfinder.
• Experience with vulnerability research and binary analysis for patch diffing.
• Familiarity with cyber threat intelligence tools like DomainTools, VirusTotal, SHODAN, and Censys.
• Strong technical writing skills with a portfolio of published work.
• Proficiency in scripting and programming languages such as YAML, Python, Golang, Javascript, and C.
• Prior experience in a quick reaction or incident response team environment.

Preferred Qualifications:

• Relevant industry certifications such as OSCP, OSWA, GWAPT, Pentest+, or equivalent.
• Experience in driving innovation within a research environment, particularly in threat detection and defense mechanisms.
• Experience working within a product-focused R&D environment, contributing to the development of commercial cybersecurity solutions.