Senior Manager, ASI Research & Development (Attack Surface Intelligence)

With 1,000 intelligence professionals, over $300M in sales, and serving over 1,800 clients worldwide, Recorded Future is the world’s most advanced, and largest, intelligence company!

We are seeking a highly skilled and experienced Senior Manager, Research & Development  to lead our efforts in researching digital threats and developing cutting-edge defense mechanisms.

Job Overview: As the Research & Development Manager, you will play a critical role in safeguarding our clients' digital infrastructure. You will lead a team of junior researchers, drive the identification and analysis of emerging threats, and ensure our scanning products are equipped with the most effective defense strategies. Your success will be measured by your ability to respond swiftly to new threats and maintain comprehensive threat coverage in our products.

Key Responsibilities:

• Research Leadership: Lead the research and analysis of current and emerging digital threats, identifying vulnerabilities and devising defensive strategies for our cybersecurity scanning products.
• Team Management: Oversee and mentor junior R&D personnel, guiding their research efforts and ensuring their work aligns with the company’s strategic goals.
• Threat Detection: Continuously monitor and assess the threat landscape to ensure our products remain effective against the latest cybersecurity threats.
• Threat Response: Develop rapid response strategies to new threats, ensuring timely updates to our scanning products.
• Vulnerability Analysis: Conduct in-depth vulnerability assessments, including the creation of custom network vulnerability checks and validation techniques.
• Collaboration: Work closely with product development teams to integrate research findings into product enhancements and new feature development.
• Technical Writing: Produce high-quality technical documentation, including research papers, vulnerability reports, and user guides, that translates complex concepts into accessible content.
• Innovation: Drive the innovation of new techniques for threat detection, vulnerability analysis, and defensive strategies, ensuring our products are always ahead of the curve.
• Threat Intelligence: Utilize common threat intelligence models such as MITRE ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain to enhance threat detection capabilities.
• Industry Engagement: Stay up to date with industry trends, participate in cybersecurity forums, and contribute to the broader cybersecurity community through research publications and presentations.

Qualifications:

• A degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.
• A minimum of 5 years of substantial experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment.
• In-depth understanding of attack surface management, including asset discovery, service fingerprinting, enumeration, and vulnerability scanning.
• Extensive experience with tools such as Tenable, Rapid7, Qualys, or Nuclei for creating and validating network vulnerability checks.
• Experience with Internet-scale scanning and discovery.
• Strong grasp of cybersecurity principles, attack trajectories, and vulnerability analysis techniques.
• Demonstrable experience in researching and analyzing new cyber threats across various industries and timeframes.
• Proven ability to deploy vulnerable infrastructure in a lab environment for threat analysis.
• Experience authoring signatures and checks for vulnerability identification.
• Practical experience with recon and security testing tools such as NMap, Zmap, Burp, Zap, Amass, and Subfinder.
• Experience with vulnerability research and binary analysis for patch diffing.
• Familiarity with cyber threat intelligence tools like DomainTools, VirusTotal, SHODAN, and Censys.
• Strong technical writing skills with a portfolio of published work.
• Proficiency in scripting and programming languages such as YAML, Python, Golang, Javascript, and C.
• Prior experience in a quick reaction or incident response team environment.

Preferred Qualifications:

• Relevant industry certifications such as OSCP, OSWA, GWAPT, Pentest+, or equivalent.
• Experience in driving innovation within a research environment, particularly in threat detection and defense mechanisms.
• Experience working within a product-focused R&D environment, contributing to the development of commercial cybersecurity solutions.

Why should you join Recorded Future?
Recorded Future employees (or “Futurists”), represent over 40 nationalities and embody our core values of having high standards, practicing inclusion, and acting ethically. Our dedication to empowering clients with intelligence to disrupt adversaries has earned us a 4.8-star user rating from Gartner and more than 45 of the Fortune 100 companies as clients.

Want more info? 
Blog & Podcast: Learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence
Instagram & Twitter: What’s happening at Recorded Future
The Record: The Record is a cybersecurity news publication that explores the untold stories in this rapidly changing field
Timeline: History of Recorded Future
Recognition: Check out our awards and announcements

We are committed to maintaining an environment that attracts and retains talent from a diverse range of experiences, backgrounds and lifestyles.  By ensuring all feel included and respected for being unique and bringing their whole selves to work, Recorded Future is made a better place every day.

If you need any accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to our recruiting team at careers@recordedfuture.com 

Recorded Future is an equal opportunity and affirmative action employer and we encourage candidates from all backgrounds to apply. Recorded Future does not discriminate based on race, religion, color, national origin, gender including pregnancy, sexual orientation, gender identity, age, marital status, veteran status, disability or any other characteristic protected by law.

Recorded Future will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Notice to Agency and Search Firm Representatives:
Recorded Future will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Recorded Future, including those sent to our employees or through our website, will become the property of Recorded Future. Recorded Future will not be liable for any fees related to unsolicited resumes.

Agencies must have a valid written agreement in place with Recorded Future's recruitment team and must receive written authorization before submitting resumes. Submissions made without such agreements and authorization will not be accepted and no fees will be paid.