DeepSurface is changing how companies address risk in their cybersecurity systems by empowering our customers to be radically better at protecting their organizations. We’re a fast-growing, software development company headquartered in Portland, OR.
We’re a team of self-starters with deep expertise. We value pragmatic solutions and being good to each other. We move fast, but with discipline, and rely on team members to listen, think, and then build the best products for our customers. If you love working in collaborative teams, take a high degree of initiative, and have a history of extreme ownership, then we’d love to meet you.
DeepSurface Security has great benefits, a very flexible work environment, and a commitment to hiring diversely. Our benefits include a generous holiday policy, unlimited PTO, company paid health, dental and life insurance, and a 401(k) plan. All roles are currently remote, but we plan to go back into our Portland offices part-time after COVID.
Our DeepSurface product provides information security professionals with a clear view of the threats that exist in their networks, systems, and applications. Our approach revolutionizes vulnerability management and threat modeling by providing visibility, priority, and metrics where none exist.
We are currently looking for a Junior Security Analyst who will help us expand our flagship product’s vulnerability analysis capabilities. This position requires software development experience and a strong background in vulnerability research.
The ideal candidate will have a strong interest in all things related to digital security. We need a self-motivated person who relishes digging deep into arcane technical matters to answer questions one can't find on Stack Overflow. Experience with multiple operating systems, strong command line skills, and strong Python skills are required. If you fit this description and are eager to expand your career options in a broad set of technical areas within information security, then this job might be for you.
We expect the Security Analyst to regularly research technologies they are unfamiliar with, develop proof-of-concept (PoC) implementations of integration and analysis scripts, and use those to help the development team improve the product. The Security Analyst will also delve deep into the behavior of third-party products (which may appear on any software stack) to help us understand how published and unpublished security flaws could affect customers.
The Security Analyst will wear many hats, which can be demanding, but also provides excellent opportunities for learning a broad range of technologies.
Duties & Qualifications
The primary duties of this role include:
- Research third-party APIs and other integrations; develop PoC implementations
- Analyze software vulnerabilities to determine how they might impact customers
- Develop methods of automation for vulnerability analysis
- Help expand DeepSurface’s scanning capabilities by researching common configuration weaknesses and deployment flaws; write scripts to identify these conditions
- Investigate potential software vulnerabilities and responsibly disclose to vendors and the public through a structured process
- Support the marketing team by writing blog posts and developing other technical content
- On occasion, perform a wide variety of other technical tasks to support the engineering team, including DevOps and platform automation, QA infrastructure improvements, product testing, product documentation, and customer support
- Bachelor’s degree in Computer Science or related field
- Some development experience on Linux platforms
- Excellent communication and problem solving skills
- A keen interest in cybersecurity
- Experience with Python
Nice to have:
- Knowledge and experience with Windows technologies
- Experience with CTFs, bug bounties, or other vulnerability research
- Familiarity with PowerShell and PostgreSQL
- An understanding of Azure and AWS infrastructures
Interested? We're excited to hear from you! Please apply here.
Please note: If you don't fit this profile, but wish to be considered for possible future opportunities, you can use the application form as a way of introducing yourself. Just state early on that you don't qualify for this position but would like to be considered for future openings.