Senior Staff Software Engineer – Vulnerability Intelligence

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint. 

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.”  SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role:

We are looking for a Senior Staff Software Engineer with experience in PHP, JavaScript (Node.js, jQuery, Vue, React), and Java to develop and maintain a platform that displays Common Vulnerabilities and Exposures (CVEs) and other security-related data. While this is not a security research or exploit development role, a strong understanding of security concepts and vulnerability data is highly desirable. The ideal candidate will be responsible for building scalable, user-friendly applications that aggregate, process, and present security vulnerability information in an accessible and insightful manner.

Key Responsibilities:

• Develop, maintain, and enhance a vulnerability tracking and reporting platform that displays CVEs, security advisories, and related data.
• Integrate with CVE databases, security feeds, and APIs (e.g., NVD, MITRE, OSV) to collect and display up-to-date vulnerability information.
• Design and implement efficient search, filtering, and categorization features to help users explore vulnerability data effectively.
• Develop and optimize the frontend using JavaScript frameworks (Vue, React, jQuery) for a seamless user experience.
• Implement backend logic in PHP and Java to process, normalize, and store large volumes of vulnerability-related data.
• Ensure data integrity, accuracy, and performance by designing robust database structures and indexing strategies.
• Work with security teams and analysts to improve the way vulnerabilities are presented and categorized.
• Optimize API performance and ensure the application can scale with growing datasets.
• Implement user authentication, role-based access control (RBAC), and security best practices to protect platform users and data.
• Automate data ingestion, updates, and notifications for newly published vulnerabilities.

Required Skills & Qualifications:

• Proficiency in PHP, JavaScript (Node.js, jQuery, Vue, React), and Java, with experience developing scalable web applications.
• Experience working with APIs, web scraping, or data aggregation from third-party sources.
• Strong understanding of databases (SQL, NoSQL, Elasticsearch, or similar) for efficient data storage and retrieval.
• Some familiarity with CVE databases, vulnerability classification (CVSS, CWE), and security advisories.
• Experience designing user-friendly dashboards, reports, and visualization tools for technical and non-technical users.
• Solid understanding of web security best practices (e.g., preventing XSS, CSRF, and SQL injection).
• Knowledge of API security, authentication mechanisms (OAuth, JWT), and access control.
• Ability to work with large datasets, optimizing queries and indexing strategies for fast retrieval.
• Strong debugging, troubleshooting, and performance optimization skills.

Preferred Qualifications:

• Experience integrating with security APIs such as MITRE CVE, NVD, OSV, VulnDB, or similar.
• Knowledge of container security (Docker, Kubernetes) and cloud infrastructure (AWS, Azure, GCP).
• Experience with search technologies like Elasticsearch or OpenSearch for indexing and querying vulnerability data.
• Familiarity with machine learning or automation techniques to enhance vulnerability analysis.
• Background in cybersecurity, vulnerability management, or security engineering.

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. 

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies.  Please note that we do not provide immigration sponsorship for this position.   #LI-DNI