Sr. Exploit Developer (US)

About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

VulnCheck is looking for a Senior Exploit Developer with a background in reverse engineering and exploit development. This role is on our Initial Access Intelligence team, which delivers exploits and related artifacts designed to give VulnCheck customers visibility into exploitation from exposure through execution and detection. You’ll work with a seasoned team of hackers and threat researchers to help global enterprises, governments, and intelligence firms defend against emerging threats and get ahead of the attacker curve.

While initial access vulnerabilities are our main focus area, you’ll also have the opportunity to work on a variety of local and other exploits, as well as our open-source go-exploit framework. Although this is a 100% remote role, we will prioritize candidates based in one of our U.S. hubs in Massachusetts, Maryland, or Austin, TX.

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world.

You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below)

• Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside the top domain experts in the field.
• Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
• Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
• Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment and mapping.

What You'll Do

• Reverse engineering software to discover the root cause analysis (RCA) of vulnerabilities.
• Authoring original software exploits for initial access vulnerabilities, when little or no publicly-available proof of concept code for exploiting such vulnerabilities exists.
• Implementing detections (such as Suricata & Snort signatures, YARA rules, etc.) for identifying such initial access vulnerabilities being exploited on the wire
• Writing Attack Surface Management (ASM) queries (e.g., Shodan, Census, FOFA, & ZoomEye) for finding vulnerable systems likely to be targeted

Why You'll Bring

• Prior experience with writing exploit code for RCE / initial access vulnerabilities (that do not require authentication to exploit)
• Experience working on technical projects remotely, alone, and on small teams

Preferred Qualifications

• Prior Cybersecurity work experience (at a vendor or in Government).
• Able to share example exploit code written.

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles:

Benefits and Perks

• Unlimited PTO
• 401k plan with company match
• Comprehensive healthcare coverage
• Generous paid parental leave
• Remote friendly environment with flexibility
• Expense reimbursement for Cell Phone & Internet
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. *Even if your experience doesn’t perfectly align with the job description, we encourage you to apply—we value potential just as much as a perfect resume.