Cybersecurity Software Engineer
Budget: $600.0
FIXED /
⭐ 0.00 (0)
United States
openvas, vulnerability-assessment, network-security, kali-linux, python, node.js, penetration-testing
1. Move From Scheduled Scans to Continuous Monitoring Our scanning today runs on a configure-and-wait model. The market has moved to always-on monitoring that doesn't wait for the next scheduled scan. This is infrastructure work for our engineer, not an AI feature — and it's becoming the baseline expectation across the category. 2. Add an AI-Vendor-Governance Risk Category Regulators are starting to ask not just "is this vendor secure" but "does this vendor use AI responsibly." This fits naturally next to our existing Internal User Risk and Vendor Risk modules, i.e., a new risk type, not a new module architecture.
A. Autonomous Risk Analyst Agent ("Xcigence Sentinel")
An agent that continuously runs across your existing modules (scanning, vulnerability analysis,
third/fourth-party risk, supply chain) and:
∙Correlates a new CVE or vendor breach disclosure against our asset inventory and vendor list
automatically, without waiting for the next scheduled scan
∙Drafts the remediation ticket, severity justification, and affected-asset list itself
∙Surfaces only what changed and why it matters, instead of a static dashboard the CISO has to
re-read every morning
∙Marketing angle: "Stop checking your dashboard. Let it check you." — positions Xcigence as
proactive, not a reporting tool.
B. Agentic Fourth-Party & Supply Chain Mapper
Supply chain and fourth-party risk are manual list/lineage views today (per your QA script). An agent
could:
∙Autonomously crawl public disclosures, SEC filings, breach databases, and vendor
subprocessor lists to discover undisclosed fourth/fifth parties your vendors depend on
∙Auto-update the lineage graph and flag concentration risk ("12 of your vendors all depend on
the same cloud subprocessor")
∙This directly leapfrogs Panorays, whose 4th/5th-party reach is currently their headline
differentiator.
C. Compliance Evidence-Collection Agent
Matches and beats CyberSaint's current lead here:
∙Agent autonomously pulls evidence from connected systems (cloud configs, ticketing, IAM)
and maps it to framework controls (CRI Profile/NIST CSF 2.0, SOC 2, ISO 27001) without an
analyst manually uploading screenshots
∙Flags evidence that's stale or about to expire before an audit, not during one
D. M&A and Investor Diligence Agent
We already have a Post-M&A Assessment module and Investor Protection module which are
seemingly rare features. An agent could:
∙Run an autonomous "instant cyber due diligence" scan on a target company the moment a
deal is initiated, producing a defensible risk report in hours instead of weeks
∙This could be our single biggest white-space opportunity. No major competitor above leads
with M&A/investor-diligence as a flagship use case.
"Xcigence: Cyber Due Diligence at Deal Speed" could be a standalone product line.
E. Insider/Internal User Risk Behavioral Agent
Our Internal User Risk module currently shows detail data. An agent could continuously baseline
normal user behavior and proactively flag deviations (unusual data access, off-hours admin activity)
bringing UEBA-style detection into a category where it's rarely paired with vendor risk.
F. Conversational "Ask Xcigence" Interface
A natural-language layer across the whole platform "Which vendors increased our supply chain risk
this month and why?", answered by an agent that queries scan history, vendor risk, and compliance
data live and cites its sources (this is now table stakes per the SOC vendors above; should not be
skipped).
Revamp the design of the dashboard to a modern and aestetically beautiful dashboard with interactive visuals.
Test all functionalities including security, integration and regression testing making sure all security loopholes are fixed
Document every design, development and changes and test scripts
Compile all REST APIs and all other tehcnicial integration artifacts
Fix the existing reporting issues with all the solutions.
Open job