Vulnerability Analyst - Remote
TheoremOne is the winner of Comparably's Best Work-Life Balance: Top-Rated 100 Small/Mid-Sized Companies https://www.comparably.com/news/best-work-life-balance-2022/
Our Vulnerability Analyst will work with the GitHub Security Lab to help curate a security advisory database. You will analyze, verify and fully document vulnerability reports in order to address the problems of vulnerability uniqueness, transparency, and disclosure. The documented vulnerability information shared in the database informs developers and powers many commonly used open source tools.
If you have a solid foundation in information security and a passion for educating others about safe practices, then this role of securing open source software development might be the perfect opportunity for you.
Note that the initial engagement is a 6-month contract.
You Are a Good Fit If:
- You are passionate about helping your audience through great documentation regardless of experience level.
- You are self-motivated, highly organized, and seeking a high-performance culture.
- Your decisions are quick, calculated, and based in fact or backed by research.
- You enjoy organizing and searching for information.
- You enjoy connecting and working with online communities.
- You have the confidence to respond to a problem with "I don't know, but I will find out!" and the knowledge and research mindset to learn.
- You have worked either within or with engineers in the security/product security space.
Responsibilities and Duties - In This Role You Will:
- Ensure the completeness and correctness of the advisory data within the existing GitHub security database.
- Review, fully document, curate and publish security advisories, including their descriptions, affected product data, severity, and more using their curation tooling.
- Work as part of a remote and geographically diverse team.
Required Qualifications and Skills
- Strong written and verbal communication skills in English and strong technical writing skills.
- Strong understanding of common software vulnerabilities and knowledge of secure code principles, including common versioning schemes.
- Strong understanding of open-source software development and packaged software.
- Familiarity with git and other version control software.
- Experience in the field of information security, system administration, or open-source software maintenance.
- Proficiency in one or more modern programming languages and their associated packaging ecosystems, such as JavaScript/npm, Java/Maven, Python/PyPI, .NET/nuget.
- Experience working with online communities.
- Ability to provide a technical writing sample with your application. If possible, the sample should be about code vulnerabilities and address the documented code base.
Preferred Qualifications
- Familiarity with vulnerability analysis, vulnerability trends, and using common vulnerability metrics (CVSS, CWE).
- Familiarity with evaluating the risk, impact, and severity of a vulnerability.
- Experience performing code reviews.
- Previous experience using open-source software and a strong interest in open-source security.
- Previous experience in the software security domain is a big plus, though other relevant experience will be considered as well.
- Ability to work in a team, empathy for others when they need help, and accountability when they rely on you.
Unsure if your skills meet all of our requirements? Apply anyway! We would love to meet you and find out more about how your skills could add value. At TheoremOne, we value open communication and feedback. We believe that diversity of identity, perspective, and experience makes us stronger; we would love to hear your perspective too!
Recording Disclosure
TheoremOne records interviews so that we can focus on delivering a great interview experience. If you are uncomfortable with being recorded, please let our recruiters know when they reach out to you.
About TheoremOne
Founded in 2007, TheoremOne LLC is a remote-first technology consulting company, globally distributed by design. Our services range from:
- New product development
- Pure R & D
- Legacy modernization
- Revenue generation
- Process optimization
- Organizational transformation
If it's cool and engaging in technology, we are likely working on it.
Customers come to us because they need to change to succeed and are looking for a solution that isn't just about technology, but also people, process, and leadership. We consult, form a diverse team of experts, and deliver strategy and execution under one roof. Consultants come to us for the autonomy, depth of project, and challenge of working with a wide range of clients across multiple platforms and industries.
Our contributors are master puzzle solvers in a vast range of technologies.
Benefits and Perks
- 100% REMOTE - We're fully distributed.
- EDUCATION AND CAREER GROWTH - We encourage our team to undertake any professional growth opportunities available, and we offer programs and financial assistance to achieve this!
- HEALTHY BODY, HEALTHY MIND - HAPPY TEAM - We offer paid vacation and support healthy lifestyles through our physical fitness benefits program.
- COMPANYWIDE VISIBILITY - We operate in a fully transparent environment to ensure we as a company and team have full understanding of where we came from, and where we are going.
- HEALTHCARE & FINANCE - For US, UK, Canada, and Spain-based full-time employees, we have comprehensive benefits.
TheoremOne expects all team members to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment are not tolerated. We encourage success based on our individual merits and abilities, and all decisions regarding recruitment, hiring, promotion, compensation, employee development decisions such as training, and all other terms and conditions of employment, are based on business needs, job requirements and individual qualifications without regard to race, genetics, nationality, national origin, citizenship status, employment status, ethnicity, ethnic origin, color, creed, religion, belief, age, family or parental status, pregnancy, marital status, sex, gender, sex or gender assigned at birth, gender identity, gender expression, sexual orientation, sexual preference, romantic orientation, romantic preference, pairing orientation, pairing preference, language, lifestyle, social class, socio-economic status, political affiliation, military or veteran status, physical and mental ability, disability, hairstyle, physical features, medical condition, or any other status protected by the laws or regulations in the locations where we operate. We oppose all forms of unlawful or unfair discrimination. TheoremOne encourages applicants of all ages. We've created a competitive rewards model for our team members around the world. TheoremOne's benefit and compensation offerings vary depending on geographic location, are subject to eligibility requirements, and may be modified from time to time. TheoremOne is an equal opportunity employer.