Lead Risk Reduction Engineer
- Implement and direct processes across the vulnerability management lifecycle, including Discovery, Prioritization of Assets, Vulnerability Assessment, Reporting, Remediation, and Verification.
- Act as a technical lead within a rapidly growing cyber security group and develop team objectives to resolve outstanding risk and identify new areas of exposure.
- Assist in validating and remediating critical findings resulting from audit processes.
- Utilize industry-standard toolsets to map and reduce the attack surface of a complex and dynamic architecture.
- Collaborate with Threat Intelligence groups to overlay observations from the global threat landscape with patching and remediation strategy.
- Review opportunities to reduce the risk surface of Relativity, ensuring a highly secure target for adversary actors.
- Develop scripts, tools, and methodologies to identify and exploit points of exposure on internal and perimeter applications (penetration testing).
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Possess a high degree of proficiency in the following domains: debugging, exploit development, reverse engineering, port scanning, client-side attacks, and evasion techniques.
- Experience with vulnerability management and offensive security tools, including Nessus, Splunk, Burp Suite, and Metasploit.
- Able to contribute to security architecture discussions to ensure exposure to threats is minimized and countermeasures can be proactively applied.
- Familiarity with the security, attack surface, and threat profile of SaaS-based applications.
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Ability to identify adversary tactics, techniques, and procedures (TTPs), targeting, malware development and implementation.
- One of more of the following certifications: OSCP, CEH, or GPEN
- Detailed understanding of the vulnerability management lifecycle, and how this is applied in a corporate setting.
- Expertise in networking, cryptography, and security concepts.
- Capacity to provide both high-level and technical briefings on emerging threats and vulnerabilities, collaborating with extended Cyber teams to assess risk.
- Experience performing forensic analysis on network traffic to identify anomalies and attacks.
- Ability to work collaboratively and independently to deliver projects based on high-level requirements and success criteria.
- 4+ years of experience as a Risk Reduction Engineer or similar role.
Our software has more than 150,000 active users in more than 40 countries from organizations including the U.S. Department of Justice, more than 70 Fortune 100 companies, and more than 195 of the Am Law 200. We have grown significantly over the last several years and continue striving to build software that helps solve our customers’ toughest e-discovery and unstructured data challenges. If you’re ready to grow with us, we’d love to hear from you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.